PRIVACY PROTECTION
This privacy policy explains what types of personal data we collect when you use the Website and how we process your data.
1. Responsible person and data protection officer
1.1 The responsible party within the meaning of the EU General Data Protection Regulation (Art. 4 No. 7 DSGVO) is Rapunzel NATURKOST GmbH, Rapunzelstraße 1, 87764 Legau, Germany, phone +49 (0)8330 / 529-0, e-mail info@rapunzel.de (hereinafter "Rapunzel", "we", "our", "us", etc.).
1.2 You can reach Rapunzel's data protection officer at Rapunzel Naturkost GmbH, Attn: Data Protection Officer, Rapunzelstraße 1, 87764 Legau, Germany, phone +49 (0)8330 529-1208, e-mail datenschutzbeauftragter@rapunzel.de.
2. Personal data
Personal data are all information that can be assigned to you individually, directly or indirectly. This includes, for example, your name, address, phone number, fax number and e-mail address. Non-personal data, on the other hand, is information of a general nature that cannot be used to determine your identity. This includes, for example, the number of users of a website.
3. Collection and processing of personal data
3.1 Web server logs (incl. IP address). When you visit our website, our web server automatically records out of technical necessity your IP address, the date and time when you are on the website, the subsites you visit on the website, the internet page you were visiting before, the browser you use (e.g. Mozilla Firefox or Google Chrome), the operating system you use (e.g. Windows 10) as well as the domain name and address of your internet provider (e.g. Deutsche Telekom). If cookies are used on the website, the web server also stores this information.
We process this information as part of our efforts to (i) provide you with the best and most meaningful user experience possible when visiting and using our website and services; and (ii) to optimize the website, its layout and content, and our services. The legal basis for this is our legitimate interest (Art. 6 (1) (f) DSGVO), which includes providing you with the Website and our Services in a form that meets your expectations and needs, on the one hand, and our commercial interests, on the other.
In addition, in the event of system abuse, we may process and use the information collected by the web server in cooperation with your Internet provider and/or local authorities to identify the perpetrator of such abuse. The legal basis for this is our legitimate interest (Art. 6 (1) (f) DSGVO), which includes protecting the integrity of the website, our system and our users.
3.2 Services on our website
Furthermore, we only collect personal data from you if you have voluntarily provided this data to us in order to use one of our offered services (e.g. the inquiry via our contact form, the subscription to our newsletter, the participation in our competitions as well as complaints and objections via the provided form). We process this personal data for the purposes stated below.
a. Contact form
We collect your e-mail address when you send us an inquiry via our contact form. If you optionally provide your title, name, address, country, telephone number and/or a subject and/or write us a text message, we also collect this personal data. We process this personal data in order to process and respond to your inquiry received via the contact form.
The legal basis for this is the fulfillment of pre-contractual measures in response to your request (Art. 6 para. 1 letter b DSGVO).
b. Newsletter
If you have given us your consent, we also collect your e-mail address when you register for our newsletter. If in doing so you optionally provide additional information in the form of your title, name and address, we also collect this personal data. We process this personal data in order to send you our newsletter.
To obtain your consent, we use the so-called "double opt-in" method: After registering for our newsletter, you will receive an E-mail from us asking you to click on the confirmation link contained therein. Only after your confirmation click is your E-mail address activated for receiving our newsletter.
For the administration, dispatch and evaluation of our newsletter, we use the emarsys newsletter service. You can find more information on this under section 4 and section 6.3 below.
You can revoke your consent to receive our newsletter in the future at any time by clicking on the corresponding link in the footer of the newsletter. This does not affect the lawfulness of the processing carried out on the basis of the consent up to your revocation.
The legal basis for this is the consent you have given (Art. 6 (1) a DSGVO and § 7 (2) no. 3 UWG).
c. Complaints and claims
You can send us complaints and claims about our products using the form provided on the website. In this context, we collect your name, address, E-mail address, telephone number, the product in question, its packaging size and expiration date. If you optionally provide additional information in the form with respect to your title, your country and/or the time or the batch of the product in question and/or write us a text message, we will also collect this personal data. We will process this personal data in order to process and respond to your inquiry received via the complaint form.
The legal basis for this is the fulfillment of our contractual obligations (Art. 6 para. 1 letter b DSGVO).
d. Sweepstakes
In the context of our sweepstakes, we will collect your name, address and E-mail address. Depending on the necessity for participation in the respective sweepstakes, we may collect additional personal data. You will find further information on this in the conditions of participation of the respective sweepstakes. We will process all this personal data in order to carry out and process the sweepstakes.
The legal basis for this is the fulfillment of our contractual obligations (Art. 6 para. 1 letter b DSGVO) pursuant to the conditions of participation of the respective sweepstakes.
3.3 Data transmission
We take appropriate measures to secure your personal data. For security reasons and to protect the transmission of confidential content, such as requests that you send to us, this website uses SSL or TLS encryption. You can recognize an encrypted connection by the address line "https://" in your browser as well as by the lock symbol in your browser line.
4. Disclosure of personal data
4.1 We do not disclose your personal data to third parties unless this is necessary for the fulfillment of your request, or otherwise permitted by relevant legal provisions or you have given us your consent.
4.2 Furthermore, we are entitled to outsource the processing and use of personal data in whole or in part within the framework of data protection law requirements to external service providers who act for us as processors (Art. 4 No. 8 DSGVO). If these service providers are located outside the European Union or the European Economic Area (EEA) Treaty Agreement, we will take appropriate security measures in accordance with legal and regulatory requirements to ensure the security of your personal data.
A corresponding overview of these external service providers, including a description of the respective services and the existence of an adequate level of data protection, can be found in the following table:
| Service provider and, if applicable, name of the service |
Description of the service |
Recipient country and appropriate level of data protection. |
|
ascana new media |
Development, maintenance and support of the editorial system of the website |
Germany |
| IT-Informatik GmbH, Business Unit Technology, Magirus-Deutz-Straße 17, 89077 Ulm | Hosting | Germany |
| emarsys – Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin |
Newsletter service for the administration, dispatch and evaluation of our newsletters. |
Germany |
| Google Analytics – Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA | Web analytics for optimizing the platform in the form of recording activities on the platform, evaluating these activities on the basis of user profiles, and creating corresponding reports for us | USA EU-US Privacy Shield certified (https://www.privacyshield.gov/participant? id=a2zt000000001L5AAI&status=Active) |
| status=Active) |
5. Storage period
Your personal data will only be stored by us for as long as is necessary to achieve the purposes for which it was collected or - if there are legal retention periods that go beyond this - for the duration of the legally prescribed retention period. Subsequently, your personal data will be deleted.
6. Web analytics, cookies and other technologies as well as plug-ins and tools
6.1 We want to provide you with an optimal and meaningful user experience. For this reason, we use cookies and other technologies on our platform and as part of our service, in order to (a) better understand how our users use the website and our service; (b) optimize and improve the website and our service; and (c) provide and maintain, to the extent possible and reasonable, a functional and accurate website.
Cookies and other technologies help us in this respect to make your visit to our platform more enjoyable, efficient and meaningful.
Cookies are text information files that are sent from our web server to your computer and stored there when you visit the platform. Most browsers accept cookies automatically, but can also be configured via the browser's settings function not to accept them or to indicate when a cookie is sent. Cookies can be rejected or deleted at a later time. It is not necessary to accept our cookies in order to use the website in general. However, there are certain areas and features on the website that you will not be available to you without cookies.
Instructions for deleting cookies in the most popular browsers can be found in the overview below:
Cookies sind Textinformationsdateien, die von unserem Webserver an Ihren Computer gesendet und dort abgelegt werden, wenn Sie die Plattform besuchen. Die meisten Browser akzeptieren Cookies automatisch, können aber über die Einstellungsfunktion des Browsers so konfiguriert werden, dass sie diese nicht akzeptieren oder darauf hinweisen, wenn ein Cookie gesendet wird. Cookies können abgelehnt oder zu einem späteren Zeitpunkt gelöscht werden. Es ist nicht erforderlich, unsere Cookies anzunehmen, um die Website generell nutzen zu können. Es gibt allerdings bestimmte Bereiche und Funktionen auf der Website, die Sie ohne Cookies nicht benutzen können.
Anleitungen zur Löschung von Cookies in den gängigsten Browsern finden Sie in der nachfolgenden Übersicht:
| Browser | Instructions for deleting cookies |
| Microsoft Internet Explorer | https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies |
| Mozilla Firefox | https://support.mozilla.com/de/kb/cookies-loeschen-daten-von-websites-entfernen?redirectlocale=de&redirectslug=Cookies+l%C3%B6schen |
| Google Chrome | https://support.google.com/chrome/answer/95647?hl=de |
| Apple Safari | https://support.apple.com/?path=Safari/3.0/de/11471.html |
| Opera | http://help.opera.com/Windows/9.10/de/cookies.html |
6.2 The cookies we use on our website can be assigned to the following categories:
a. Technically required session cookies
Session cookies serve as an identifier for a one-time contiguous visit to the website. They are only valid for the current session and are deleted after the browser is closed. No personal data is stored, but only a random number per visit to the website for technical processes in the background.
The legal basis for this is the fulfillment of our contractual obligations (Art. 6 para. 1 letter b DSGVO).
b. Persistent analytics cookies based on usage behavior.
These persistent cookies allow the storage, administration and analysis of information about user behavior obtained through the continuous monitoring of user behavior. Based on usage profiles, the cookies allow us to determine the number of users visiting the website and using our services, as well as the most popular areas of our website. This information is used to improve the website browsing experience and provide you with better services.
The legal basis for this is our legitimate interests (Art. 6 para. 1 lit. f DSGVO). Our legitimate interests in this context are the provision of a user-friendly and meaningful website that meets your expectations and needs, as well as the fulfillment of our commercial interests.
6.3 We use the following services of external service providers that use cookies and other technologies. If you do not agree with such use, you can disable these services on the one hand by rejecting the corresponding cookies in your browser. On the other hand, you can also deactivate the use of a service directly via a corresponding opt-out link or other measures. You will find this opt-out link and, if applicable, other deactivation options in the following overview under the heading "Opt-Out". Additional information on the respective services can be found in the data protection notices etc. of the respective services, which you can access via the respective link in the following overview under the heading "Data protection notices". Under the heading "Recipient countries and appropriate protection measures" you will also find information about the respective recipient country and whether appropriate protection measures exist.
External service providers that carry out tracking measures:
Google Analytics Google LLC, 1600 Amphi-theatre Parkway, Mountain View, CA 94043, USA, E-Mail data-protection-office@google.com, Telefon +1.650.253.0000, Fax +1.650.618.1806
Description of the tracking purpose
Google Analytics performs web analyses of activities on the platform. This involves recording user behavior on the platform and evaluating it on the basis of usage profiles. Subsequently, Google Analytics creates corresponding reports for us (see https://developers.google.com/analytics/ resources/concepts/gaConceptsTrackingOverview# howAnalyticsGetsData). Your IP address is anonymized in this context by shortening the last octet of the IP address.
Privacy policy
http://www.google.com/ intl/de/analytics/ privacyoverview.html
http://www.google.com/analytics/ terms/de.html
Opt-Out: http://tools.google.com/dlpage/gaoptout?hl=en
You can prevent the tracking of your data by Google Analytics by clicking on this link. The click activates an opt-out cookie, that will prevent the tracking of your data when you visit this website in the future : deactivating Google Analytics.
Recipient countries and adequate level of data protection: USA
EU-US Privacy Shield certified (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
emarsys Emarsys Interactive Services GmbH, Stralauer Platz 34, 10243 Berlin
Description of the purpose of tracking
emarsys analyzes and evaluates user behavior as part of email marketing campaigns. In doing so, information is collected on whether and when you opened the newsletter as well as which links in the newsletter were clicked, so that we can better assess the perceived success of our E-mail marketing campaigns.
Privacy notice https://www.emarsys.com/de/ privacy-policy/
Opt-out: Opt-out via revocation of consent to receive our newsletter (see section 3.2 letter b above).
Recipient countries and adequate level of data protection: Germany
6.4 Furthermore, the following plug-ins and tools are used on the website:
a. YouTube
Plug-ins of the social network YouTube are used on the website. The operator of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.
When you visit a page of the website equipped with a YouTube plug-in, a connection to the YouTube servers is established. This tells the YouTube server which pages of the website you have visited.
If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
The legal basis for the integration of the YouTube plug-in is our legitimate interests (Art. 6 para. 1 letter f DSGVO), which consist in providing you with an appealing and user-friendly presentation of our website.
For more information on the handling of user data, please refer to YouTube's privacy policy at https://www.google.de/intl/de/policies/privacy. YouTube LLC is EU-US Privacy Shield certified (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
b. Google Maps
The website uses the map service Google Maps, of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, via an interface (API).
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google LLC server in the USA and stored there. We have no influence on this data transmission.
The legal basis for the use of Google Maps is our legitimate interests (Art. 6 (1) (f) DSGVO), which consist in providing you with an attractive and user-friendly presentation of our website, in particular to make it easy to find the places we indicate on the website.
More information on the handling of user data can be found in the Google Maps privacy policy at https://www.google.de/intl/de/policies/privacy. Google LLC is EU-US Privacy Shield certified (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
7. Your rights under data protection law
You may have the right to object to the processing of your personal data for specific reasons arising from your particular situation.
Furthermore, you are entitled to the following rights in particular in accordance with the applicable data protection law. To do so, please contact us using the contact details provided in section 1.2. above.
a. Right to information: you have the right to request information about your personal data stored by us at any time.
b. Right to rectification: When we process your personal data, we strive to take reasonable steps to ensure that your personal data is accurate and up-to-date for the purposes for which it was collected. In the event that your personal data is inaccurate or incomplete, you may request that it be corrected.
c. Right to deletion and restriction: you may have the right to request the deletion or restriction of the processing of your personal data if, for example, there is no longer a legitimate business purpose for such processing under this privacy policy or the applicable law and legal retention obligations do not prevent deletion.
d. Right to data portability: where applicable, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format or to transfer this data to another responsible party.
e. Right to revoke your given consent: if you have consented to the collection and processing of your personal data, you may revoke your consent at any time with future effect, but without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation. In addition, you can object to the use of your personal data for the purposes of market and opinion research as well as advertising and unsubscribe from receiving our newsletter (see section 3.2 letter b above).
f. Supervisory authority responsible for possible complaints: furthermore, in the event of a complaint, you can contact the Bavarian State Office for Data Protection Supervision, P.O. Box 606, 91522 Ansbach, phone +49 (0)981 53 1300, fax +49 (0)981 53 98 1300, e-mail poststelle@lda-bayern.de as the supervisory authority responsible for Rapunzel. A list of other supervisory authorities that may be considered can be found at https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
8. Links to other internet pages
8.1 This website also contains links to other internet sites. The data protection declaration described here does not apply to these other Internet sites. We ask you to visit these other Internet sites directly in order to obtain information there about data protection and the handling of your personal data. We cannot be held liable for any actions emanating from these other Internet sites or for their content.
8.2 Our website also contains, among other things, links to our company pages on the social networks Facebook and Instagram. These links are always marked with the logo of the corresponding network.
These are not so-called social plug-ins. Accordingly, when you visit our website, no direct connection is established to the servers of the respective network operator and no web server information (compare Section 3.1 above) is transmitted to the web servers of the respective network operator. The operators of the social networks will therefore not get the information that you are visiting our website.
Something else only applies if you activate one of the links to the social networks. Based on the information that your web server automatically sends to the servers of the respective network operator, the latter can recognize that you have previously visited our website. If you have a user account with the respective social network and are logged in, the respective network operator can also link this information with the information stored in your user account. For information on the further processing of this information by the respective network operator as well as your rights in this regard and setting options for protecting your privacy, please refer to the data protection information of the respective network operator.
| Network | Operator | Privacy Notices |
| Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA | https://de-de.facebook.com/policy.php https://www.facebook.com/help/cookies/?ref=sitefooter |
|
| Instagram LLC, 1601 Willow Rd., Menlo Park, CA 94025, USA | https://help.instagram.com/155833707900388 |
9. Reservation of right to modification
We reserve the right to change this privacy policy at any time in compliance with legal requirements. This may be necessary, for example, to comply with new legal requirements or in the case of new services.
Status: May 2018
