We are committed to safeguarding the privacy of our website visitors and customers. This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and customers; in other words, where we determine the purposes and means of the processing of that personal data. As far as we have embedded links to third parties, we are not responsible for the protection of your personal data. Please check their privacy policy to inform yourself about their data protection standards.

This document was partly created using a template from SEQ Legal (https://seqlegal.com).

A. General Information

I. Our details

The data controller is:

good goods tegernsee UG (haftungsbeschränkt)

Flößergasse 6a

81369 München

Deutschland

 

Phone:  +49 89 139882 202

E-Mail: hello@reacha.de

CEO:  Florian Zibert

II. Contact of the Data Protection Officer

You can reach our data protection officer at

datenschutz@reacha.de

 

III. Definitions

We want our privacy policy tob e easy to read and to understand. Generally, we are using the officialö definitions of the General Data Protection Regulation (GDPR). The general definitions can be found at Art.4 GDPR.

B. Processing of Data

I. Website service

When you are visiting our website your webbrowser is sending data to our webserver. This data is technically necessary for our website to work. The following data will be collected for the communication between our webserver and your webbrowser:

  • your IP-adress (if applicable, anonymized, by shortening)
  • page requested
  • date and time of the request
  • initial page, from where the request was made
  • access status/http-status (e.g. file transmitted, file not found)
  • browser type
  • language and version of the webbrowser
  • device (desktop, tablet, mobile)
  • operating system
  • data quantity 

We are processing this data to ensure a stable connection to the website and a comfortable use of the website for the visitors. The data may be saved in a logfile. We may use this logfile for improving our system security and stability as well as for administrative purposes. This processing is lawfulness in accordance with Art. 6 I f GDPR.

We are using a shopify shopsystem to run our website. Therefore Shopify Inc. works as our data processor. Shopify is based in Canada. In general Shopify is processing personal data from the EU in Ireland. Nevertheless your personal data may be processed outside of the EU, especially in Canada and the US. Shopify complies with the EU-U.S. Privacy Shield Framework, regarding the collection, use, and retention of personal information from data subjects in the European Economic Area (“EEA”) (Art. 45 I GDPR). For more details followhttps://www.shopify.com/legal/privacy.

 II. Use of  Cookies

1. Data Processing

Our website uses “cookies”, which are text files saved on your computer, to help identify you and analyse how you use the website.

We are using cookies to make our website more user friendly. Some elements of our website require the identification of the browser after a page change.

The following data is collected and processed in our cookies:

  • Language
  • Products in your cart
  • Completed orders
  • Log-In-Information, if applicable

In addition we are using cookies to analyse the use of our homepage.

The following data is collected and processed for that reason:

  • Search terms
  • Number of page requests
  • Use of website functions
  • Landingpages
  • Referrals
  • Date and time per site request

2. Period of storage

Shopify uses two types of cookies. “Session-Cookies“ are only saved for the time of your online visit and deleted automatically afterwards. “Persistent-Cookies” are saved on your computer for a longer period of time. Persistent-Cookies are primarily used to provide returning visitors with recurring  settings in the online store, for example personalized information to improve the comfort and special offers. Most of the cookies of Shopify are Persistent-Cookies. They have a durability of 30 minutes up to two years. To see a detailed list of the cookies used by Shopify follow https://www.shopify.com.au/legal/cookies

3. Purpose and lawfulness of data processing

Provided that implemented cookies process personal data, this data may be processed for the purpose of operating our website, providing our services and generate an efficient and user friendly experience of our website. The legal basis for this processing is either your consent Art.6 I a GDPR or our legitimate interests, namely the proper administration of our website and business Art.6 I f GDPR.

4. Disabling Cookies

You can disable the use of cookies in your browser. Follow the links for detailed instructions.

Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences   

Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies    

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/guide/mdm/managing-safari-cookies-mdmf7d5714d4/web

Opera: http://help.opera.com/Windows/10.20/en/cookies.html

In addition you can manage the cookies and the functions of many companies. Use the following tools to do so: https://www.aboutads.info/choices/  or http://www.youronlinechoices.com/uk/your-ad-choices

Furthermore most of the webbrowser offer you a “Do-Not-Track-Mode”, where you can state that you don’t want to be tracked by website. If activated, the browser will tell marketing networks, websites and applications, that you don’t want to be followed and approached with personalized marketing or similar things. You can follow the links for detailed information on how to set it up in your browser.

Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=en-GB

Mozilla Firefox: https://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature

Internet Explorer: https://support.microsoft.com/en-gb/help/17288/windows-internet-explorer-11-use-do-not-track  

Opera: http://help.opera.com/Windows/12.10/en/notrack.html

Safari: https://support.apple.com/guide/mdm/managing-safari-cookies-mdmf7d5714d4/web

You can also use additional addons to yor browser to generally stop scripts. For example NoScript is a firefox addon only allows JavaScripts, Java and other plug-ins at domains you choose to be safe. For information and setup instructions follow https://noscript.net/ ).

Please note, that after the deactivation of cookies and scripts our homepage might not work anymore.

III. Data processing when shopping with us

1. Making a purchase

When you checkout an order in our online shop, we will collect the following personal data, in order to fullfill your order:

  • Name,
  • Surname,
  • Titel,
  • Shipping and billing adress,
  • E-Mail Adresse,
  • Phonenumber (optional),
  • Payment details

(„Customer Data“)

Your data will be encrypted with a SSL 256bit encryption (SSL = Secure Socket Layer). The security certification is issued by DigiCert Inc.

We will use this data for preparation and handling of the contracts entered into on our online shop, as well as for customer service. We also use the data to pursue our rights resulting from initiated or concluded contracts with you. Furthermore we may use the data for anonymized market research about our products and services.

Legal basis fort he data processing in connection with the initiation and fulfilment of contracts is Art. 6 I b GDPR, in connection with market research Art. 6 I f GDPR

 In order to offer you a great service and to fullfill our obligations towards you, we may forward your personal data to third parties. We only do this if necessary and we will make sure those third parties will protect your personal data in accordance with the regulations. 

2. Protection of fraud

Shopify is running automatized fraud protection systems. Therefore, the shop system may use the personal data that you provided for entering into the contract (e.g. IP address, ordered articles, name, address, email, payment method, payment details) and data about your device and web browser. For detailed information about the fraud protection system followhttps://www.shopify.com/legal/privacy .

Purpose of this data processing is the prevention and minimization of fraud, debt default, damages and similar risks on the legal basis of Art. 6 I b and f GDPR.

3. Online-Shop Payment

We are offering you different payment methods in our shop and are therefore processing the following personal data.

a. PayPal

We integrated PayPal into our web shop. PayPal is an independent online payment provider. Payments are normally handle through PayPal accounts, which are digital private or business accounts. In addition PayPal offers the possibility of paying by credit card without opening an account. PayPal accounts are connected to your email address and have no account number. PayPal gives you the possibility to send and receive money from and to third parties. Furthermore, PayPal acts as a trustee and offers buyer protection services.

The European entity of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxemburg.

When you are using the PayPal payment method in our shop there will be an automated transfer of your personal data to PayPal. You therefore consent to this transfer by choosing this method.

As a general rule the personal data transferred will be your name, surname, shipping address, email address, ip address, phone number and data connected to your purchase such as number of articles, article number, amount due, amount of taxes, billing address etc., as long as they are necessary for the payment.

The purpose of the transfer of personal data is the processing of the payment and fraud prevention. PayPal may transfer your personal data to credit agency for checking your identity and credit rating. This processing is therefore in accordance with Art. 6 I a, b and f GDPR.

PayPal may also transfer your data to sub processors to fulfil their contractual obligations.

You can revoke your consent of processing your personal data anytime towards PayPal. However, this revocation will not affect the processing of the personal data which necessary for the payment processing according to the contract.

You can find PayPal’s Privacy Policy under https://www.paypal.com/de/webapps/mpp/ua/privacy-full .

b. Sofortüberweisung

We also may offer you Sofortüberweisung as a payment method. Sofortüberweisung is a online payment provider. Sofortüberweisung is a service of SOFORT GmbH, Theresienhöhe 12, 80339 München, Deutschland.

When you are using this payment method in our shop there will be an automated transfer of your personal data to Sofortüberweisung. You therefore consent to this transfer by choosing this method.

As a general rule the personal data transferred will be your name, surname, shipping address, email address, ip address, phone number and data connected to your purchase such as number of articles, article number, amount due, amount of taxes, billing address etc., as long as they are necessary for the payment.

The purpose of the transfer of personal data is the processing of the payment and fraud prevention. Sofortüberweisung may transfer your personal data to credit agency for checking your identity and credit rating. This processing is therefore in accordance with Art. 6 I a, b and f GDPR.

Sofortüberweisung may also transfer your data to sub processors to fulfil their contractual obligations.

You can read Sofortüberweisung’s privacy policy when you are making the payment for further information on their data processing. If you have questions you can always send an email to datenschutz@sofort.com or write to SOFORT GmbH, Datenschutz, Theresienhöhe 12, 80339 München.

4. Track and trace

After we have shipped your order, you will get information about the status of shipment from the shipping company. Therefore we will forward your Email and the order id to the shipping company.

We are working together with the following companies:

DHL Vertriebs GmbH (Charles-de-Gaulle-Straße 20, 52113 Bonn, Deutschland), Hermes Logistik Gruppe Deutschland GmbH (Essener Straße 89 22419 Hamburg) and United Parcel Service Deutschland S.à r.l. & Co. OHG, Görlitzer Straße 1, 41460 Neuss)

If you don’t want us to forward your email to the sipping company, please tell us at: datenschutz@reacha.de

The purpose of transferring the data to the shipping company is for you to know about your shipment and be able to plan the receipt. This is in accordance with Art. 6 I b GDPR.

5. Store Pick Up

Instead of shipment we are offering you the possibility to pick up your prepaid order in one of our stores. We will forward your name, address and order details to the store so they can identify you and hand over your order. This happens in accordance with Art. 6 I b GDPR.

6. Back In Stock

If we are out of stock on certain products, we offer you to inform you, when they are back in stock. You have to provide your email to us for this service and are giving your consent to contact you. This is in accordance with Art. 6 I a GDPR. You can revoke your consent at any time by sending an email to datenschutz@reacha.de.

IV. Newsletter

1. Data processing

a. Subscription

You can subscribe to our free newsletter on our web site. Therefore your email adress, date and time will be processed. By signing up to our newsletter you give your consent to get news on reacha products as well as information on events (e.g. store openings, special events), competitions and special campaigns.
When you are ordering products on our web site you can also give your consent to the above mentioned newsletters by opting in.

b. Open Tracking

We are using Newsletter Tracking. We are collecting data when you are oping our newsletters, which is called Open Tracking. Fort hat purpose their is an invisible graphic embedded in every newsletter. When you are opening the newsletter, the graphic will be downloaded from the servers of our newsletter system provider Mailchimp and the date and time of opening will be stored together with your email. You can provide Open Tracking by deactivating the download of images in your mail client, but then you won’t see any images in our emails.

c. Klick Tracking

We also use Click Tracking on the hyperlinks embedded in our emails. This data is aggregated and will not connected with your email address or other personal data. We are collecting this data for analytics and compliance reasons.

2. Purpose of data processing

We are using your personal data to send you information about our products and service to your email, including personalized offers and information.

 In addition we may use the data for the following purposes:

  • product innovation
  • market anaylitics and benchmarking
  • disclosure of personal data in the course of a due diligence
  • establishment, exercise, defense of legal claims or litigation
  • security investigations and security improvement 

3. Lawfulness

We are sending you the newsletter due to your consent in accordance with Art. 6 I a GDPR.

The additional processing has the purpose of optimizing the effectiveness and attractiveness of our products and service for our customers. This includes personalized information and offers who are more interesting to our customers. The Open Tracking serves the maintenance of our data and to ensure we are only storing active email addresses of customers. Therefore this processing is in our legitimate interests in accordance with Art. 6 I f GDPR.

4. Third parties

We are using Mailchimp.com as our newsletter service provider and integrated its applications in our web site. Mailchimp is based in the U.S. Your data may be transfered and processed outside of the EU especially in the U.S. Mailchimp complies with the EU-U.S. Privacy Shield Framework, regarding the collection, use, and retention of personal information from data subjects in the European Economic Area (“EEA”) (Art. 45 I GDPR). In addition, we entered into a German Data Processing Addendum with Mailchimp (Art. 46 II c, d GDPR). For more details follow https://mailchimp.com/legal/privacy/

5. Period of storage

Your data will be storaged until you unsubscribe from our mailing list.

6. Withdrawal

You can revoke your consent at anytime by unsubscribing from our newsletter list. You can either follow the link provided in every newsletter or send us an email at datenschutz@reacha.de.

V. Direct Communication

You can directly contact us by sending us an email to one of the provided email addresses on our homepage. By sending us this email you are giving us your consent to use your personal data for processing your request. We will process and store all personal data provided by you in this email.

We will solely use this data to process your request. We will only transfer it to third parties if necessary for the processing of your request.

This processing is therefore in accordance with Art. 6 I a GDPR. If the direct communication aims to an order, the processing is also in accordance with Art. 6 I b GDPR.

If you enter into a contract through this email correspondence with us A. III. Of this Privacy Policy applies appropriately.

The data will be deleted when the request is done and there aren’t any retention requirements due to regulations.

You can revoke your consent at anytime by sending an email to datenschutz@reacha.de. In that case we won’t be able to handle your request and the communication will end. We will delete the personal data.

VI. Web analytics und tracking

1. Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files saved on your computer, to help analyse how you use the website. The information generated by the cookie about your use of the website is usually transmitted to and stored on Google servers in the United States.

We have activated the IP anonymisation option offered by Google on this website. This means that your IP address is first shortened by the last 8 bits within member states of the European Union and other signatory states of the agreement in the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services related to website and Internet use for the website operator. The IP address transmitted by your browser through Google Analytics will not be associated with other Google data.

You can prevent cookies from being saved by selecting the appropriate settings in your browser. However, please note that, if you do this, you may not be able to use all the functions of this website to their full extent. Please see section A.II.4. for details

Furthermore, you can prevent Google from recording the data related to your use of the website created by the cookie (incl. your IP address) and from processing this data in future by downloading and installing the browser plug-in under this link: http://tools.google.com/dlpage/gaoptout?hl=en

Deleting this browser plug-in terminates this objection.

Google complies with the EU-U.S. Privacy Shield Framework, regarding the collection, use, and retention of personal information from data subjects in the European Economic Area (“EEA”) (Art. 45 I GDPR). In addition, we entered into an additional Data Processing Agrrement for the EEA with Google (Art. 46 II c, d GDPR). For more details on Googles privacy policy follow https://policies.google.com/privacy  and https://support.google.com/analytics/answer/6004245?hl=en .

2. Google Webfonts

We are using Webfonts of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“) for a coherent presentation of our web site. On your first visit to our web site the necessary Google Font will be downloaded into your browser cache, to display texts and fonts correctly. Generally the font will be downloaded from a server based in the U.S. Therefore the site you are loading and your ip address will be transferred to the server.

We are using Google Web Fonts for the optimization of our web site and to give you the best experience possible. This is our legitimate interest in accordance with Art.6 I f GDPR.

3. Google adwords conversion tracking

We are also using Google Conversion Tracking. In doing so, Google AdWords sets a cookie on your computer, provided you have accessed our website via a Google advertisement. These cookies expire after 30 days and are not used for personal identification. If the user visits specific pages of a website operated by an AdWord customer and the cookie has not expired, Google and the customer can see that the user has clicked the advertisement and was redirected to this page. Every AdWord customer receives a different cookie. Therefore, cookies cannot be traced via the websites of the AdWord's customer. The information obtained with the help of the conversion cookies is used to generate conversion statics for AdWord's customers who have decided to use conversion tracking. AdWord customers are informed on the total number of users who have clicked their advertising and who were redirected to a page featuring a conversion tracking tag. However, they do not receive any information with which users can be personally identified. If you do not want to participate in conversion tracking, you can reject setting the required cookie – for example though the browser settings which generally deactivates the setting of cookies. You can also deactivate cookies for conversion tracking by setting your browser that it blocks cookies from the domain "www.googleadservices.com". You can find Google's privacy policy on conversion tracking here: https://support.google.com/google-ads/answer/1722022?hl=en 

4. Facebook Retargeting

There are remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA, integrated on our pages. When you visit our pages, the remarketing tag establishes a direct connection between your browser and the Facebook server. This means that Facebook receives information that you have used your IP address to visit our pages. This makes it possible for Facebook to assign the visit to our pages to your user account. We can use the information received in this manner for the display of Facebook advertising. We would like to point out that we, as the provider of the pages, do not receive any information on the content of the transmitted data and its use by Facebook. You can find additional information on Facebook's data protection policy under www.facebook.com/about/privacy/ .   

5. Integration of YouTube videos

We have integrated videos of YouTube in our web site. Those videos are stored on http://www.YouTube.com. They autoplay when you are visting our website.  There will be data processed to the youtube servers in the extent as stated in section A.I. of this policy. The processing and transfer of this data is necessary to offer you videos and therefore a great user experience on our website. It is therefore in accordance with Art. 6 I f GDPR.

In addition, if you are logged into a Google account, the personal data will be connected to your user account by Google. You can log out of your google account to avoid this processing. Google will use this data to build a personal user profile and for marketing, market research and service optimization. We have no influence on how Google uses your personal data which is connected to your google account. You can revoke your consent towards YouTube and Google.

Google also processes your data in the U.S. and complies with the EU-US-Privacy-Shield. Please follow https://policies.google.com/privacy?hl=en&gl=de for detailed information.

VII. Transfer of data to third parties

We won’t transfer your data to third parties, except                                                                                                                     

  • when we explicitly declare it in this statement,
  • when you gave us your explicit consent in accordance with Art. 6 I f GDPR
  • when the transfer is necessary for us to pursue our rights and this interest isn’t overridden by your interests or fundamental rights and freedoms
  • when we are obliged by law to transfer your data, Art.6 I c GDPR
  • when it is necessary for the performance of a contract with you or on your request to enter into a contract with us, Art. 6 I b GDPR.

VIII. Period of data storage

In general the storage of your data depends on the basis of legal retention periods. After the relevant period we will delete the data. As far as we have a legitimate interest on the storage of the data, we will delete the data after the purpose was achieved or when you exercise your right of withdrawal or opposition.

C. Principal rights

In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:

  • the right to access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to object to processing;
  • the right to data portability;
  • the right to complain to a supervisory authority; and
  • the right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.[ You can access [your personal data] by visiting [URL] when logged into our website.]

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defense of legal claims.

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

To object please send us an email to datenschutz@reacha.de.

To the extent that the legal basis for our processing of your personal data is:

  • consent; or
  • that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,

and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

D. Other

We reserve the right to change this privacy policy from time to time. The current version at the time of your visit apllies.

This privacy policy was last updated on 24.05.2018.