§ 1 General – Information on the collection of personal data
- In the following we inform you in accordance with Art. 12 ff. GDPR about how we handle your personal data when you use our website. In particular, this privacy policy explains what data we collect and what we use it for. It also informs you how and for what purpose this is done.
- We treat personal data confidentially and in accordance with the statutory data protection regulations and on the basis of this privacy policy. The legal basis can be found in particular in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
- When you use this website, various personal data are processed depending on the type and scope of use. Personal data is information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly (e.g. by reference to an online identifier). This includes, for example, information such as name, address, telephone number, date of birth or user behaviour.
§ 2 Name and address of the controller
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.). The controller within the meaning of Art. 4 No. 7 GDPR and the applicable national data protection laws (in particular BDSG) as well as other data protection regulations is (see also our legal notice):
vitagroup AG
Gottlieb-Daimler-Straße 8
68165 Mannheim, Germany
Phone: +49 (0) 621 121 849-0
E-mail: info@vitagroup.ag
§ 3 Contact details of the data protection officer
We have appointed a data protection officer for our company.
You can reach him at:
The Data Protection Officer
vitagroup AG
Gottlieb-Daimler-Straße 8
68165 Mannheim, Germany
E-mail: datenschutz@vitagroup.ag
§ 4 Your rights
- You have the following rights vis-à-vis us with regard to your personal data:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to the processing
- Right to data portability
2. You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
§ 5 Collection of personal data when visiting our website
- For the purpose of the technical provision of the website, it is necessary for us to process certain information automatically transmitted by your browser so that our website can be displayed in your browser and you can use the website. This information is automatically collected each time you visit our website and automatically stored in so-called server log files. These are:
- IP address
- Date and time of the server request
- Browser type and browser version
- Referrer URL
- Host name of the accessing computer
- Operating system used
- The storage of the aforementioned access data is necessary for technical reasons in order to provide a functional website and to ensure system security. This also applies to the storage of your IP address, which is necessary and, under further conditions, can at least theoretically enable an assignment to your person. In addition to the above-mentioned purposes, we use server log files exclusively for the needs-based design and optimisation of our website for purely statistical purposes and without drawing any conclusions about your person. This data is not merged with other data sources, nor is it analysed for marketing purposes.
- The access data collected as part of the use of our website is only stored for the period for which this data is required to fulfil the aforementioned purposes. Your aforementioned access data is stored on our web server for a maximum of 10 days for IT security purposes.
- If you visit our website to find out about our range of services or to use them, the legal basis for the temporary storage and processing of access data is Art. 6 para. 1 sentence 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or for the implementation of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the temporary storage of technical access data. Our legitimate interest here is to be able to provide you with a technically functioning and user-friendly website and to ensure the security of our systems.
§ 6 Contact by e-mail
- We offer you the option of contacting us directly by e-mail using the link provided on the website. If the software you are using supports this, clicking on the link to our e-mail address will open your e-mail processing programme directly and you can write to us by e-mail.
- It is necessary to provide a valid e-mail address so that we know who sent the enquiry and can respond to it. Further information can be provided voluntarily.
- Please note that confidentiality cannot be guaranteed with unencrypted e-mails. In particular, you should therefore not send us any sensitive information, such as information about your state of health, by e-mail.
- Data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent or in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR for the fulfilment of a contract or for the implementation of pre-contractual measures.
- We delete the data collected in this context after storage is no longer necessary (usually after your enquiry has been fully dealt with), or restrict processing if there are statutory retention obligations. If you engage us as part of your contact, you will receive further information on data processing from us.
§ 7 Contact form
- At various points on our website, we offer you the opportunity to obtain more detailed advice on specific topics that have caught your interest. You can use our contact form for this purpose.
- The contact form requires you to enter your first name and surname, your company, your position in the company and your e-mail address. The provision of further, separately marked data is voluntary and is used to address you more personally or to be able to advise you more specifically if you also write a message to us. We store the data you provide for the purpose of contacting you on the requested topic or to answer your specific questions in this regard and for the purpose of making further contact for marketing measures. The legal basis is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
- You can revoke your consent to further contact at any time for the future. You can declare your revocation by clicking on the link provided in every e-mail or by sending a message to the contact details given in the legal notice.
- The personal data collected by us in connection with the contact form will be deleted if you revoke your consent and there is no other legal basis for the processing.
§ 8 Retrieval of white paper
- You have the option of accessing white papers via our website, which we use to inform you about current and interesting health topics. Some white papers may be preceded by a form in which we ask you to provide some data. The following information applies to these white papers.
- The only mandatory information for requesting a white paper is your e-mail address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. We store your e-mail address and any other data you provide voluntarily for the purpose of contacting you on the topic of the respective white paper and for the purpose of further contact for marketing measures. The legal basis is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
- You can revoke your consent to further contact at any time for the future. You can declare your revocation by clicking on the link provided in every e-mail or by sending a message to the contact details given in the legal notice.
- The personal data collected by us in connection with the white paper will be deleted if you revoke your consent and there is no other legal basis for the processing.
§ 9 Processing of data from your end devices (cookies and other technologies)
1. In addition to the above-mentioned data, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your end device. When you access our website and at any time thereafter, you have the choice of whether you generally allow the setting of cookies and other technologies (hereinafter “cookies”) or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical point of view (2.) before going into more detail about your individual choices by describing technically necessary cookies (3.) and cookies that you can voluntarily select or deselect (4.).
2. Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the organisation that sets the cookie. Cookies cannot execute programmes or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly. This website uses the following types of cookies, whose function and legal basis are explained below:
• Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or by logging out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the shared session and your computer can be recognised when you return to our website.
• Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies set and the duration at any time in your browser settings and delete the cookies manually.
• Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as analysing your browser settings. As a result, we may also use the technologies described below. Here, you may also give your consent or object.
3. Mandatory functions that are technically necessary for the functionality of the website: The technical structure of the website requires that we use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely correctly) or the support functions could not be enabled. These are basically transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The individual cookies can be seen in the Consent Manager. The legal basis for this processing is § 25 para. 2 no. 2 TTDSG (Telecommunications-Telemedia Data Protection Act).
4. Optional cookies if you give your consent: We only set various cookies after you have given your consent, which you can select via the Consent Manager when you first visit our website. The functions are only activated if you give your consent and can be used in particular to enable us to analyse and improve visits to our website, to make it easier for you to use different browsers or end devices and to recognise you when you visit us again. The legal basis for this processing is § 25 para. 1 TTDSG in connection with Art. 6 para. 1 sentence 1 lit. a GDPR. You can revoke your consent at any time without this affecting the lawfulness of processing up to the point of revocation.
5. The functions we use, which you can select and revoke individually via the Consent Manager, are described below.
§ 10 Integration of YouTube videos
- Our website uses plugins from the YouTube video platform to embed videos and play them directly on our website. The video platform is operated by YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (“YouTube”). YouTube is a company affiliated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
- By default, the videos embedded on our website only display a preview with data protection information. The platform operator does not yet receive any personal data from you. Only when you actively click on the preview and thus consent to the data processing, a connection to the YouTube servers will be established and a data transfer will be started (so-called two-click solution).
- We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the plugin. Among other things, the YouTube server is informed which of our pages you have visited. According to YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behaviour. YouTube uses cookies to collect information about user behaviour. The cookies remain on your end device until you delete them. You can prevent YouTube from storing cookies by making the appropriate settings in your browser software.
- If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.
- YouTube is used in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. You can revoke your consent for the future at any time via the Consent-Manager.
- YouTube and Google also process your personal data in the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities, for example for monitoring and surveillance purposes, and possibly without legal recourse. With your voluntarily granted consent, in addition to the use of the plug-in by us, you also consent to the processing of your data in the USA in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent for the future at any time via the Consent-Manager.
- Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
§ 11 Integration of Vimeo videos
- Our website uses plugins from the video platform Vimeo to embed videos and play them directly on our website. The video platform is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA (“Vimeo”).
- By default, the videos embedded on our website only display a preview with data protection information. The platform operator does not yet receive any personal data from you. Only when you actively click on the preview and thus consent to the data processing, a connection to the Vimeo servers will be established and a data transfer will be started (so-called two-click solution).
- We have no influence on the scope and content of the data that is transmitted to Vimeo and possibly other Vimeo partners by activating the plugin. Among other things, the Vimeo server is informed which of our pages you have visited. According to Vimeo, this information is used, among other things, to record video statistics, improve user-friendliness and prevent abusive behaviour. Vimeo uses cookies to collect information about user behaviour. The cookies remain on your end device until you delete them. You can prevent Vimeo from storing cookies by making the appropriate settings in your browser software.
- If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account before activating the play button.
- Vimeo is used in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent. You can revoke your consent for the future at any time via the Consent-Manager.
- Vimeo also processes your personal data in the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities, for example for monitoring and surveillance purposes, and possibly without legal recourse. With your voluntarily granted consent, in addition to the use of the plug-in by us, you also consent to the processing of your data in the USA in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent for the future at any time via the Consent-Manager.
- Further information on the purpose and scope of data collection and its processing by Vimeo can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://vimeo.com/privacy.
§ 12 Integration of SoundCloud players
- Players of the online music service SoundCloud are integrated on our website in order to be able to play audio files directly on our website. The operator of the service is SoundCloud Global Limited & Co KG, Rheinsberger Str. 76/77, 10115 Berlin, Germany, dataprotection@soundcloud.com (“SoundCloud”).
- By default, the players embedded on our website only display a preview with data protection information. The platform operator does not yet receive any personal data from you. Only when you actively click on the preview and thus consent to the data processing, a connection to the SoundCloud servers will be established and a data transfer will be started (so-called two-click solution).
- We have no influence on the scope and content of the data that is transmitted to SoundCloud and possibly other SoundCloud partners by activating the player. Among other things, SoundCloud is informed which of our pages you have visited. According to SoundCloud, this information is used, among other things, to collect usage data for analysis purposes. SoundCloud uses cookies and other technologies to collect information about user behaviour. The cookies remain on your end device until you delete them. You can prevent SoundCloud from storing cookies by making the appropriate settings in your browser software. For more information on the use of cookies and the associated technologies by SoundCloud, please visit https://soundcloud.com/pages/cookies.
- If you are logged into your SoundCloud account, you enable SoundCloud to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your SoundCloud account before activating the player.
- SoundCloud players are used in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily granted consent. You can revoke your consent for the future at any time via the Consent-Manager.
- SoundCloud also processes your personal data outside the EU/EEA, for example in the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data may be processed by US authorities, for example for monitoring and surveillance purposes, and possibly without legal recourse. With your voluntarily granted consent, in addition to the use of the player by us, you also consent to the processing of your data outside the EU/EEA, in particular in the USA, in accordance with Art. 49 para. 1 sentence 1 lit. a) GDPR. You can revoke your consent for the future at any time via the Consent-Manager.
- Further information on the purpose and scope of data collection and its processing by SoundCloud can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://soundcloud.com/pages/privacy.
§ 13 Use of the SalesViewer technology
- This website uses the SalesViewer technology of SalesViewer GmbH, Huestr. 30, 44787 Bochum, Germany, to collect and store data for marketing, market research and optimisation purposes on the basis of our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR).
- For this purpose, a javascript-based code is used to collect company-related data and use it accordingly. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymised and is not used to personally identify the visitor to this website.
- The data stored within the framework of SalesViewer will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.
- You can object to the collection and storage of data at any time with effect for the future by clicking on the link https://www.salesviewer.com/opt-out or by deselecting the function via our Consent-Manager to prevent future collection by SalesViewer® within this website. When you click on the link, an opt-out cookie for this website is stored on your device. If you delete your cookies in this browser, you must click this link again.
§ 14 Web tracking using Google Analytics (via Google Tag Manager)
- This website uses Google Analytics, a web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
- We use Google Tag Manager to simplify management of the tool. Various Google tools can be controlled with the Google Tag Manager. With the Tag Manager itself, which implements the tags (programme logic/code snippets), no user profiles are created or cookies stored, for example. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager.
- The purpose of our use of Google Analytics is to enable us to analyse your user interactions on websites and to use the statistics and reports obtained to improve our offering and make it more interesting for you as a user.
- We primarily record the interactions between you as a user of the website and our website using cookies, device/browser data, IP addresses and website or app activities. In Google Analytics, your IP addresses are also recorded to ensure the security of the service and to provide us as the website operator with information about the country, region or location from which the respective user originates (so-called “IP location determination”). For your protection, however, we use the anonymisation function (“IP masking”), i.e. Google shortens the IP addresses by the last octet within the EU/EEA.
- Google acts as a processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to a Google server in the USA and processed there. Google is certified in accordance with the EU-US Data Privacy Framework, which guarantees legally secure data transfer. We have also agreed so-called standard contractual clauses with Google, the purpose of which is also to maintain an appropriate level of data protection in the third country.
- The legal basis for the collection and further processing of the information (which takes place for a maximum of 14 months) is your consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can revoke your consent at any time without this affecting the lawfulness of processing up to the point of revocation. In apps, you can reset the advertising ID in the Android or iOS settings. The easiest way to revoke your consent is via our Consent-Manager or by installing the Google browser add-on, which can be accessed via the following link: https://tools.google.com/dlpage/gaoptout?hl=de/.
- You can find more information on the scope of services provided by Google Analytics at https://marketingplatform.google.com/intl/de/about/analytics/features/. Google provides information on data processing when using Google Analytics at the following link: https://support.google.com/analytics/answer/6004245?hl=de/. General Information on data processing, which, according to Google, should also apply to Google Analytics, can be found in Google’s privacy policy at https://policies.google.com/privacy?hl=de&gl=de.
§ 15 Google Conversion Tracking (via Google Tag Manager)
- We use Google Analytics with the additional application “Google Conversion Tracking”.
- We use Google Tag Manager to simplify management of the tool. Various Google tools can be controlled with the Google Tag Manager. With the Tag Manager itself, which implements the tags (programme logic/code snippets), no user profiles are created or cookies stored, for example. Google only learns the IP address of the user, which is necessary to run the Google Tag Manager.
- Google Conversion Tracking is a process that allows us to track the actions of visitors to our website, such as how often links on our website are clicked. For this purpose, the links are provided with a technical provision, e.g. an ID, with which we can determine how a user interacts after clicking on the links and whether one of our services is actually utilised. This provides us with statistical information about the total number of links clicked, which links are particularly popular and, if applicable, further information about the consequences of the links.
- The legal basis for the processing of your data in this respect is also Art. 6 para. 1 sentence 1 lit. a GDPR, i.e. the integration only takes place with your consent. You can prevent or stop using the conversion tracking function in the same way as previously described for Google Analytics, in particular via our Consent-Manager.
§ 16 Further processing purposes
- We also process your personal data in order to fulfil other legal obligations that may apply to us in connection with our business activities. These include, in particular, retention periods under commercial or tax law. Thereby, we process your personal data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR to fulfil a legal obligation to which we are subject.
- We also process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Finally, we process your personal data insofar as this is necessary for the defence against or prosecution of criminal offences. We process your personal data to protect our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, insofar as we assert legal claims or defend ourselves in legal disputes or we prevent or investigate criminal offences.
§ 17 Duration of data storage
We initially process and store your personal data for the duration for which the respective purpose of use requires corresponding storage (see above for the individual processing purposes). This may also include the periods for the initiation of a contract (pre-contractual legal relationship) and the fulfilment of a contract. On this basis, personal data is regularly deleted as part of the fulfilment of our contractual and/or legal obligations, unless its temporary further processing is required for the following purposes:
- Fulfilment of statutory retention obligations, e.g. arising from the Commercial Code (§§ 238, 257 para. 4 HGB) and the Fiscal Code (§ 147 para. 3, para. 4 AO). The retention and documentation periods specified there are up to ten years.
- Preservation of evidence, taking into account the statute of limitations. According to §§ 194 et seq. of the Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
§ 18 Objection to the processing of your data
Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you, which is described by us in each case in the description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either discontinue or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
§ 19 Amendment of this privacy policy
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this privacy policy. You can access the current data protection declaration at any time on the website under data protection.
***
– These notices are provided in a German and an English version. In case of doubt about the interpretation of the notices, only the German version is decisive. –