We and your privacy on the internet

§ ????? ???
Your IP address and browser information may be processed by security plugins on this website. By continuing, you agree and consent to this.
In order to ensure an efficient, optimal and secure provision of our homepage, we collect some personal data. We are careful to comply with German and European data protection regulations and have therefore taken measures to protect your privacy. The following information is intended to give you an overview of what personal data we collect and how.
What regulations are we subject to with regard to the handling of personal data?
As a company with its registered office in Germany, we are subject exclusively to German and European data protection regulations, as well as the opinions of the German data protection authority (Universalschlichtungsstelle des Bundes | General Conciliation Body), to which they can submit complaints.
date of this version 27 September 2022
Privacy notice
I) General information on data processing
Your personal data, for example title, name, address, delivery address, e-mail address, telephone number, bank details or credit card number, will only be processed by us in accordance with the provisions of the German Telecommunications-Telemedia-Data-Protection Act (TTDSG), the German Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR) of the European Parliament and the Council. In addition to the processing purposes, data, recipients, legal bases, storage periods, the following regulations also inform you about your rights and the person responsible for your data processing. This data protection notice only refers to our website.
Please note that links on our website may take you to other websites which are not operated by us but by third parties. Such links are either clearly marked by us or are recognisable by a change in the address line of your browser. We are not responsible for compliance with data protection regulations and secure handling of your personal data on these websites operated by third parties.
1 Body responsible for data processing ("controller")
Responsible body in the sense of the General Data Protection Regulation pursuant to Art. 4 No. 7 - GDPR, the German Federal Data Protection Act pursuant to Art. 46 No. 7 - BDSG, pursuant to Art. 2 Para. 2 No. 1 of the Act on Data Protection and Privacy in Telecommunications and Telemedia, the German Telecommunications-Telemedia-Data-Protection-Act - TTDSG and other data protection requirements is:
Sabine Plewnia
Zechenwihlstraße 15
79730 Murg
E-mail: info@plewnia-naturprodukte.de
Hereinafter referred to as the "controller, website operator" or "we".
Websites: 
https://www.plewnia-naturprodukte.de
https://www.goloy.shop
https://www.aion-a-heilgestein.de
Hereinafter referred to as "Website".
2 Definitions
From the General Data Protection Regulation - GDPR
This privacy notice uses the terms of the legal text of the GDPR. The definitions (Art. 4 - GDPR) can be found, for example, at: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
Additional definitions:
Cookie similar technologies - CSRF
The WebStorage technology enables local storage of variables and values in the user’s browser cache. The technology includes the so-called "sessionStorage" which remains stored until the browser tab is closed as well as the "localStorage" which remains stored in the browser cache until the cache is emptied by the user. The localStorage technology enables, among other things, recognition of the user and user settings when the user comes back to our website.
Data categories
If we specify the data categories we process, they include but are not limited to the following data:
Master data(e.g. names, addresses),contact data (e.g. email addresses, telephone numbers), content data (e.g. entered texts, photos, videos, contents of documents/files), contract data (e.g. contract purpose, contract terms, customer categories), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. history on our website, use of certain contents, times of access, contact history and purchasing history), connection data (e.g. device information, IP addresses, URL referrer), position data (e.g. GPS data, IP geo-localisation, points of access); diagnosis data (e.g. crash logs, performance data of the website/app, other technical data for analysing failures, breakdowns and errors).
3 Information on data processing
We only process personal data to the extent permitted by law. We only disclose or transfer personal data to third parties in the cases described below. The personal data are protected by appropriate technical and organisational measures (e.g. pseudonymisation, encryption).
Except where we are obliged by law to store the data or disclose or transfer them to third parties (including but not limited to prosecuting authorities), the decision which personal data we process and for how long and to which extent we may disclose or transfer them to third parties depends on the specific website features you use from time to time.
4 Storage period
The personal data are deleted as soon as the purpose of the processing or the prescribed storage period, if any, has expired unless the storage of the personal data needs to be continued for the purpose of entering into or performing a contract. If and to the extent we are obliged to inform you about the duration of storage of cookies and similar technologies, this information is made available in our consent tool.
5 Automated individual decision-making, including profiling
Automated individual decision-making including profiling does not take place.
6 Your rights as a data subject
As a data subject you have the right of access/ right to information under Art. 15 - GDPR, the right to rectification under Art. 16 - GDPR, the right to erasure under Art. 17 - GDPR, the right to restriction of processing under Art. 18 - GDPR and the right to data portability under Art. 20 - GDPR. The right of access/right to information and the right to erasure are subject to the restrictions under § 34, § 35 - German BDSG (Bundesdatenschutzgesetz - German Federal Data Protection Act). You have the right to lodge a complaint with a supervisory authority (Art. 77 - GDPR in combination with § 19 - BDSG).
The supervisory authority responsible for us is:
Der Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
GERMANY
This link will take you to German "The Federal Commissioner for Data Protection and Freedom of Information - Der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit - BfDI" and provide you with an overview of the supervisory landscape in English:
https://www.bfdi.bund.de/EN/Home/home_node.html
7 Controller’s notification obligations
We will communicate any rectification or erasure of your personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 Para. 1 and Art. 18 - GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it.
8 Obligation to provide
Unless stated otherwise in the explanations below regarding the applicable legal basis, you are not obliged to provide or disclose personal data to us. However, in the cases referred to in Art. 6 Para. 1 b) - GDPR, the personal data are necessary for entering into or performing a contract. If you do not provide use with the relevant personal data, it will be impossible for us to enter into, or perform, the contract. If you do not provide us with the data in the cases referred to in Art. 6 Para. 1 a), f) - GDPR, you will not be able to use the respective parts of our website.
9 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 Para. 1 f) GDPR. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.
The objection is not subject to formal requirements and should be sent to the contact data stated above.
10 Withdrawal of consent
Pursuant to Art. 7 Para. 3 - GDPR, you have the right to withdraw your consent by mail or email, without observing any other formal requirements, at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. After you have withdrawn your consent, we will delete the personal data we have processed based on your consent unless there is another legal basis for the processing of these data.
The withdrawal is not subject to formal requirements and should be sent to the contact data stated above.
You can also withdraw your consent(s) by deactivating the relevant data processing services directly in our consent tool. Please be aware that you have to withdraw your consent on every single device from which you have accessed our website and consented to the data processing.
II) Data processing in connection with the use of our website
Generally, the use of the website and its features necessarily involves the processing of personal data.
Cookies and similar technologies
(1) Purpose of data processing
This website uses technically necessary cookies and similar technologies. These are small text files that are stored in or by your internet browser on your computer system. These cookies enable, for example, the insertion of several products into a shopping cart.
(2) Legal basis
The legal basis for this data processing is Art. 6 Para. 1 f) - GDPR.
(3) Legitimate interest
Our legitimate interest is the functionality of our website. The user data collected through technically necessary cookies are not used to create user profiles. This protects your interest in data protection.
(4) Storage duration
The technically necessary cookies are usually deleted when the browser is closed. Permanently stored cookies have a varying lifespan from a few minutes to several years.
(5) Withdrawal of consent
If you do not wish these cookies to be stored, please deactivate the acceptance of these cookies in your internet browser. However, this may result in a functional restriction of our website. You can also delete permanently stored cookies at any time via your browser.
We currently use Shopware with the following technically necessary cookies:
| Cookie | Explanation | 
| timezone | Detection of the user's correct time zone. | 
| cart-widget-template | Template in shopping cart. | 
| csrf[frontend.account.login] | Sicherheitscookie für den Login in den Shopware Kundenaccount. | 
| csrf[frontend.account.register.save] | Security cookie for registration in the Shopware Shop. | 
| csrf[frontend.checkout.line-item.add] | Security cookie for adding products to the shopping cart. | 
Cookies and their settings can be viewed using the Consent Tool.
SSL or TLS encryption
(1) Purpose of data processing
For security reasons and to protect the transmission of confidential content that you send to us as the website operator, our website uses SSL or TLS encryption. This means that data you transmit via this website cannot be read by third parties. You can recognise an encrypted connection by the "https://" address line of your browser and the lock symbol in the browser line.
(2) Legal basis
The legal basis for the encryption procedure is Art. 32 Para. 1 - GDPR.
Server-Log-Dateien
(1) Purpose of data processing
In server log files, the provider of the website automatically collects and stores information that your browser automatically transmits to us.
(2) Legal basis
The legal basis for data processing is Art. 6 Para. 1 b) - GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.
This data is not merged with other data sources.
(3) Data categories
Usage data, connection data
(4) Date recipients
Hosting providers
Data is only passed on to third parties if this is necessary for the operation of our website. For this purpose, personal data is transferred to the following recipients: Profihost AG, Expo Plaza 1, 30539 Hannover, Germany.
(5) Storage duration
Data is deleted regularly on the server side.
(6) Intended transfer to third countries: None.
(7) Do we store personal data on your terminal based on your consent or do we read such data? No.
Provision of the website
(1) Purpose of data processing
Functionality and optimisation of the website, as well as ensuring the security of our information technology systems for purely informational use.
(2) Legal basis
The legal basis for this processing is Art. 6 Para. 1 f) - GDPR.
(3) Data categories
Connection data
(4) Data recipients
Website operator, hosting provider
Data is only passed on to third parties if this is necessary for the operation of our website. For this purpose, personal data is transferred to the following recipients: Profihost AG, Expo Plaza 1, 30539 Hannover, Germany.
(5) Intended transfer to third countries: None.
(6) Do we store personal data on your terminal based on your consent or do we read such data? No.
Customer account
(1) Purpose of data processing
Use of a customer account (as a prerequisite for placing purchase orders in our online shop); ensuring data and information security; allocation of future usage processes (purchase orders, contact requests, blog contributions); integration of the data into our CRM system - Shopware; ensuring the security of our systems.
(2) Legal basis
The legal basis for this data processing is Art. 6 Para. 1 b) - GDPR, Art. 6 Para. 1 f) - GDPR.
(3) Data categories
Master data, contact data, connection data
(4) Data recipients
Website operator, hosting provider
Data is only passed on to third parties if this is necessary for the operation of our website. For this purpose, personal data is transferred to the following recipients: Profihost AG, Expo Plaza 1, 30539 Hannover, Germany.
(5) Intended transfer to third countries: None.
(6) Do we store personal data on your terminal based on your consent or do we read such data? No.
Onlineshop
(1) Purpose of data processing
Operation of the online shop; processing of your purchase orders and requests; ensuring the security of our online shop.
(2) Legal basis
The legal basis for this data processing is Art. 6 Para. 1 b) - GDPR, Art. 6 Para. 1 f) - GDPR.
(3) Data categories
Stammdaten, Kontaktdaten, Vertragsdaten, Inhaltsdaten, Verbindungsdaten und Zahlungsdaten. Haben Sie bereits ein Kundenkonto bei uns, genügt die Anmeldung in Ihr Kundenkonto. Wir verwenden dann im Übrigen die personenbezogenen Daten aus Ihrem Kundenkonto.
Master data, contact data, contract data, content data, connection data, and payment data. If you have already created a customer account with us, you only have to log in to your account and we will then use the personal data from your customer account.
(4) Data recipients
Website operator, payment service provider, shipping service provider, hosting provider, if applicable merchandise management system, if applicable suppliers (drop shipping).
Data is only passed on to third parties if this is necessary for the operation of our website. For this purpose, personal data is transferred to the following recipients: Profihost AG, Expo Plaza 1, 30539 Hannover, Germany; Hermes Germany GmbH, Essener Straße 89, 22419 Hamburg, Germany.
(5) Intended transfer to third countries: None.
(6) Do we store personal data on your terminal based on your consent or do we read such data? No.
Newsletter - CleverReach
(1) Purpose of data processing
When you register for the newsletter, your e-mail address will be used for advertising purposes. Within the scope of the newsletter, we will inform you, for example, about products, podcasts or updates to our product range.
We use CleverReach to send newsletters. This service allows us to organise and analyse the newsletter dispatch. The data you enter to receive the newsletter, such as your e-mail address, is stored on CleverReach's servers. The servers are located in Germany and Ireland.
Sending the newsletter with CleverReach allows us to analyse the behaviour of the newsletter recipient. The analysis shows, among other things, how many recipients have opened their newsletter and with what frequency links in the newsletter were clicked. CleverReach supports conversion tracking in order to analyse whether a previously defined action, such as a product purchase, has taken place after clicking on a link. Details on data analysis by CleverReach can be found at:
https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
(2) Legal basis
The legal basis for this processing is Art. 6 Para. 1 a) - GDPR.
(3) Data categories
Essentially email address.
By connecting the CRM with CleverReach, master data and contact data are processed.
(4) Data recipients
Website operator, newsletter provider
(5) Newsletter provider: CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany.
(6) Storage duration
Your e-mail address will only be stored for the newsletter dispatch for the duration of the desired registration.
(7) Intended transfer to third countries: None.
(8) Do we store personal data on your terminal based on your consent or do we read such data? No.
(9) Widerrufsrecht
You can withdraw your consent at any time. If you no longer wish to receive the newsletter, you can unsubscribe as follows: Via the unsubscribe link in the newsletter, which you will find in every newsletter email, or by sending an email to info@plewnia-naturprodukte.de.
Your data for the newsletter dispatch will be deleted by CleverReach within 3 months after termination of the newsletter receipt, provided that the deletion does not conflict with any statutory retention obligations.
Virtual assistance
Please note that this function is currently a test, which is sometimes visible and may also be deactivated.
(1) Purpose of processing
Operation of the Tidio chatbot and live chat; While visiting the online shop, a chatbot answers questions on specific topics, shows alternative products or helps to contact support. The options are currently a live chat, email or messenger.
(2) Legal basis
The legal basis for this processing is Art. 6 Para. 1 a) - GDPR, Art. 46 Para. 2 and 3 - GDPR.
(3) Data categories
Master data, contact data, content data, usage data, connection data, location data. In addition, the personal data of your newsletter status will be used.
(4) Recipient categories
Website operator, chat tool provider
Data is only passed on to third parties if this is necessary for the operation of the virtual assistance. For this purpose, personal data is transferred to the following recipients: Profihost AG, Expo Plaza 1, 30539 Hannover, Germany; Tidio LLC,160 Spear Street, #1000 San Francisco, California 94105, United States of America.
(5) Intended third country transfer: In individual cases UK and USA on the basis of consent, fully compliant with the GDPR.
(6) Do we store or read out personal data on your end device based on your consent? No
(7) Right of withdrawal
You can withdraw your consent at any time with effect for the future. To do so, simply deactivate the Tidio area in the cookie settings.
Contact form
(1) Purpose of data processing
You have the option of contacting us via web forms. To use our contact form, we generally require a title, your first and last name, your e-mail address, your telephone number and generally a subject, as well as your request as a comment. You can provide further information, but you do not have to. By submitting the respective form, you agree that the data you provide may be electronically recorded and stored. The website operator has a legitimate interest in conducting the exchange you are seeking or in processing your enquiry appropriately. We use your data in accordance with Art. 5 Para. 1 b) - GDPR, insofar exclusively for processing your enquiry.
(2) Legal basis
The legal basis of the data processing is in the contractual relationship or concerns a subsequent contractual relationship Art. 6 Para. 1 b) - GDPR, Art. 49 Para. 1 a) - GDPR, otherwise Art. 6 Para. 1 f) - GDPR.
(3) Data categories
Master data, contact data, depending on the type of request
(4) Data recipients
Website operator
(5) Storage duration
We store the data required for processing the contract until the expiry of the statutory warranty and, if applicable, contractual guarantee periods.
We keep the data required by commercial and tax law for the periods specified by law, regularly ten years (compare § 257 German Commercial Code - HGB, § 147 German Tax Code - AO)..
The data processed to carry out pre-contractual measures will be deleted as soon as the measures have been carried out and there is no recognisable conclusion of a contract.
(6) Intended transfer to third countries: None.
(7) Do we store personal data on your terminal based on your consent or do we read such data? No.
(8) Right of withdrawal
Withdrawal of consent already given is guaranteed in accordance with Art. 7 Para. 3 - GDPR. An informal communication by e-mail is sufficient for the withdrawal.
