Privacy Policy

Definitions

This data protection declaration is based on the terms used by the European legislator for the adoption of the GDPR. It should be legible and understandable for the general public, as well as our customers and business partners. We first explain the terminology used.

Personal data

Personal data means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

Processing

Processing is any operation performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, disclosure, alignment, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person — in particular to analyse or predict aspects concerning performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided such information is kept separately and subject to measures ensuring non-attribution.

Controller

Controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor

Processor is a natural or legal person which processes personal data on behalf of the controller.

Recipient

Recipient is a natural or legal person to which the personal data are disclosed, whether a third party or not.

Third party

Third party is a natural or legal person other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they signify agreement to the processing of personal data relating to them.

Name and address of the controller

Controller for the purposes of the GDPR, other data protection laws applicable in Member States of the European Union and other provisions related to data protection is:

Wholesome You
Zentrum-Nord
04105 Leipzig
Deutschland

Contact: Send me a message
Website: www.bethkrysciak.com

Cookies

The Internet pages of Wholesome You use cookies. Cookies are text files that are stored on a computer system via an Internet browser. Many cookies contain a so-called cookie ID — a unique identifier consisting of a character string through which Internet pages and servers can be assigned to the specific browser in which the cookie was stored.

Through the use of cookies, Wholesome You can provide users with more user-friendly services that would not be possible without the cookie setting. Cookies allow us to recognise our users, making it easier for them to use the website — for example, so that access data does not need to be entered each time.

The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Cookies already set may be deleted at any time. If the data subject deactivates the setting of cookies, not all functions of our website may be entirely usable.

Collection of general data and information

The website collects a series of general data and information when it is accessed. This data is stored in the server log files and may include (1) the browser types and versions used, (2) the operating system, (3) the referring website, (4) the sub-pages visited, (5) the date and time of access, (6) an Internet protocol (IP) address, (7) the Internet service provider, and (8) any other similar data used in the event of attacks on our information technology systems.

When using this general data, Wholesome You does not draw any conclusions about the data subject. Rather, this information is needed to deliver the content of our website correctly, optimise it, ensure the long-term viability of our systems, and provide law enforcement authorities with information necessary for criminal prosecution in case of a cyber-attack. This anonymously collected data is analysed statistically with the aim of increasing data protection and security, and is stored separately from all personal data provided by a data subject.

Subscription to our newsletters

On the website, users may subscribe to our newsletter. The input mask determines what personal data is transmitted. The newsletter may only be received if the data subject has a valid e-mail address and registers for newsletter shipping. A confirmation e-mail is sent in the double opt-in procedure to prove that the owner of the e-mail address is authorised to receive the newsletter.

During registration we also store the IP address assigned by the Internet service provider, as well as the date and time of registration, to help understand any possible later misuse of the e-mail address. The personal data collected will only be used to send our newsletter. There is no transfer of this data to third parties. The subscription may be terminated, and consent revoked, at any time via the link in each newsletter or directly on the website.

Newsletter tracking

Our newsletters contain tracking pixels — miniature graphics embedded in HTML e-mails that enable log file recording and analysis. This allows Wholesome You to see if and when an e-mail was opened and which links were clicked, in order to optimise newsletter delivery and adapt future content to the interests of the data subject. This data is not passed to third parties. Data subjects may revoke their consent at any time, after which the data is deleted. Withdrawal from the newsletter is automatically regarded as a revocation.

Contact possibility via the website

The website contains information enabling quick electronic contact, including a contact form and an e-mail address. If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted is automatically stored for the purpose of processing or contacting the data subject. There is no transfer of this data to third parties.

Routine erasure and blocking of personal data

The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as granted by law. If the storage purpose no longer applies, or a prescribed storage period expires, the personal data is routinely blocked or erased in accordance with legal requirements.

Rights of the data subject

Right of confirmation

Each data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them is being processed.

Right of access

Each data subject has the right to obtain free information about their personal data stored and a copy of this information, including the purposes of processing, the categories of data concerned, the recipients, the envisaged storage period, and the existence of the rights to rectification, erasure and restriction. This includes:

• the purposes of the processing;
• the categories of personal data concerned;
• the recipients or categories of recipients to whom the data has been or will be disclosed;
• where possible, the envisaged storage period, or the criteria used to determine it;
• the existence of the right to request rectification, erasure or restriction, or to object to processing;
• the existence of the right to lodge a complaint with a supervisory authority;
• where the data is not collected from the data subject, any available information as to its source;
• the existence of automated decision-making, including profiling.

Right to rectification

Each data subject has the right to obtain without undue delay the rectification of inaccurate personal data and to have incomplete data completed.

Right to erasure (right to be forgotten)

Each data subject has the right to obtain the erasure of personal data concerning them without undue delay where one of the following grounds applies and the processing is not necessary:

• the data is no longer necessary in relation to the purposes for which it was collected;
• the data subject withdraws consent and there is no other legal ground for the processing;
• the data subject objects to the processing and there are no overriding legitimate grounds;
• the personal data has been unlawfully processed;
• erasure is required for compliance with a legal obligation;
• the data was collected in relation to the offer of information society services.

Right of restriction of processing

Each data subject has the right to obtain restriction of processing where the accuracy of the data is contested, the processing is unlawful, the controller no longer needs the data but it is required by the data subject for legal claims, or the data subject has objected pending verification.

Right to data portability

Each data subject has the right to receive the personal data concerning them in a structured, commonly used and machine-readable format, and to transmit it to another controller without hindrance, where the processing is based on consent or a contract and carried out by automated means.

Right to object

Each data subject has the right to object, on grounds relating to their particular situation, at any time to processing based on point (e) or (f) of Article 6(1) of the GDPR, including profiling. Where data is processed for direct marketing purposes, the data subject has the right to object at any time, after which it will no longer be processed for those purposes.

Automated individual decision-making

Each data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects them, except in the limited cases permitted by law or based on explicit consent.

Right to withdraw consent

Each data subject has the right to withdraw consent to the processing of their personal data at any time.

Google Analytics (with anonymisation)

This website has integrated the component of Google Analytics with the anonymiser function. Google Analytics is a web analytics service that collects and analyses data about the behaviour of visitors, mainly for the optimisation of a website. The operator is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

We use the "_gat._anonymizeIp" application, by which the IP address of the data subject is abridged and anonymised within the EU and the European Economic Area. Google Analytics places a cookie that enables analysis of the use of our website; data including the IP address may be transmitted to and stored by Google in the United States. The data subject may prevent cookies via the browser settings, and may object to the collection by installing the browser add-on available at tools.google.com/dlpage/gaoptout. Further information is available in Google's privacy policy.

Google AdWords

This website has integrated Google AdWords, a service for Internet advertising that allows ads to be placed in Google search results and the Google advertising network. The operating company is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

If a data subject reaches our website via a Google ad, a conversion cookie is set. It loses validity after 30 days and is not used to identify the data subject. It is used to create visit statistics that help measure the success of AdWords ads. Personal data, including the IP address, may be transmitted to and stored by Google in the United States. The data subject may prevent and delete cookies via the browser settings and may object to interest-based advertising at google.de/settings/ads.

Payment method: PayPal

This website has integrated components of PayPal, an online payment service provider. The European operating company is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

If the data subject chooses PayPal as the payment option, the data required for payment is automatically transmitted to PayPal — usually first name, last name, address, e-mail address, IP address, telephone number and other data necessary for payment processing. The transmission is aimed at payment processing and fraud prevention. The data subject may revoke consent at any time, without effect on data that must be processed for contractual payment processing. The applicable provisions are available in PayPal's privacy policy.

Legal basis for the processing

Article 6(1)(a) of the GDPR serves as the legal basis for processing for which we obtain consent. Where processing is necessary for the performance of a contract, it is based on Article 6(1)(b). Where we are subject to a legal obligation, processing is based on Article 6(1)(c). In rare cases, processing may be necessary to protect the vital interests of the data subject or another person under Article 6(1)(d). Finally, processing may be based on Article 6(1)(f) where it is necessary for the purposes of our legitimate interests or those of a third party, except where overridden by the interests or fundamental rights of the data subject.

Legitimate interests pursued

Where processing is based on Article 6(1)(f) of the GDPR, our legitimate interest is to carry out our business in favour of the well-being of all our employees and shareholders.

Period of storage

The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfilment or initiation of a contract.

Provision of personal data

The provision of personal data is partly required by law (e.g. tax regulations) or can result from contractual provisions. Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data which must subsequently be processed. Non-provision would have the consequence that the contract could not be concluded. Before personal data is provided, the data subject may contact us to clarify whether provision is required by law or contract and the consequences of non-provision.

Your privacy & contact

If you have any questions about this Privacy Policy or wish to exercise your rights as a data subject, you can get in touch at any time. Please also see our Terms & Conditions.