Photo of a seitling. | © SONNENTOR
Photo of Stinging nettles. | © SONNENTOR
Photo of Willowherb | © SONNENTOR
Photo of Dill | © SONNENTOR
Photo of chives. | © SONNENTOR
Photo of green oats | © SONNENTOR
In the photo you can see lavender. | © SONNENTOR
Photo of the flower of the Common Mallow. | © SONNENTOR

DATA PROTECTION POLICY

1) Legal information in accordance with the General Data Protection Regulation (GDPR)

Information according to Art. 13 GDPR

By means of this data protection declaration, SONNENTOR Kräuterhandels GmbH, Sprögnitz 10, 3913 Sprögnitz - hereinafter referred to as SONNENTOR - would like to inform the readers and users of the website (users) about the type, scope and purpose of the personal data processed. Furthermore, data subjects/users are informed of the rights to which they are entitled by means of this data protection notice.

We know that the careful handling of your personal data is very important to you and appreciate your trust that we handle this data conscientiously.

The terms used in this notice are based on the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).

Legal basis of processing

The person responsible processes personal data exclusively on one of the following legal bases:

  • Your consent
  • On a contract basis
  • In the legitimate interest

On the website, data is processed exclusively on the basis of the statutory provisions (GDPR, TKG 2021).

Data processing in connection (web shop, product reviews, booking tool and your user account) is based on Article 6 (1) (b) (performance of contract) GDPR.

If analysis tools are used, the data will be used on the basis of your consent in accordance with Article 6 (1) (a) GDPR and our legitimate interests in accordance with Article 6 (1) (f) GDPR. 

The use of IT data security measures is also based on Art 6 (1) (f) (legitimate interest) GDPR. The legitimate interest in the use of data is the protection of our own IT systems.

Social media plugins are only used with your consent. The legal basis is therefore Art. 6 (1) (a) GDPR. Consent must be given again each time the website is accessed. 

2) Rights of data subjects

You have comprehensive rights under the General Data Protection Regulation, such as:

  • Right to information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to oppose (Art. 21 GDPR)
  • Right to revoke consent (Art. 7 (3) GDPR)
  • Right of appeal (Article 77 GDPR)

Please contact us to exercise your rights

* Please enclose an official copy of your ID.

We cannot process requests for data subjects without prior successful identification. For this reason, we ask you to support the identification process accordingly.

If you come to the conclusion that the processing of your data violates data protection regulations or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority, Wickenburggasse 8, 1080 Vienna.

3) Data Collection and Processing

Online inquiries and registrations

You can send inquiries, suggestions and requests to SONNENTOR using various contact forms.

In any case, in order to be able to contact us, it is necessary for you to provide personal data. Without this information, we cannot process your inquiries in a targeted manner.

You acknowledge that the aforementioned data will be processed by SONNENTOR for the purpose of processing or answering your request.

Legal basis:

  • Consent in accordance with Article 6 (1) (a) GDPR
  • Fulfilment of the contract and pre-contractual measures in accordance with Article 6 (1) (b) GDPR

Storage duration:

  • 7 years from receipt of the request

see also: Data transfer to third parties 

Sweepstakes

Various sweepstakes can often be found on our websites.

You expressly acknowledge that SONNENTOR processes the personal data you provide when registering for the competition for the purpose of drawing a prize draw and contacting you (in the event of a win) on the basis of your consent in accordance with Article 6 (1) (a) GDPR will.

The data will be deleted after the competition has been carried out, unless otherwise provided by law.

Complaint management

For the purposes of complaint handling, we collect and store your data and forward it if necessary. The collection, storage and forwarding are therefore carried out for the purpose of fulfilling the contract and on the basis of Art. 6 (1) (b) GDPR and, if necessary, for the purpose of fulfilling a legal obligation of the person responsible on the basis of Art. 6 (1) (c) GDPR. Failure to provide this data may mean that the complaint cannot be processed. 

Further processing will only take place if you have given your consent or there is legal permission. In some cases, we use external service providers based in the European Economic Area to process your data. These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. The service providers will not pass this data on to third parties, but will delete it after the contract has been fulfilled and the statutory storage periods have expired, unless you have consented to further storage. 

We may transmit personal data from this process to our lawyer and the competent court. This is done in accordance with the legal requirements, insofar as it is necessary to protect our legitimate interests and the legitimate interests of third parties and there is no reason to assume that your interests or fundamental rights and freedoms, which require the protection of personal data, prevail. 

Legal basis:

  • Consent in accordance with Article 6 (1) (a) GDPR
  • Fulfilment of the contract and pre-contractual measures in accordance with Article 6 (1) (b) GDPR

Storage duration:

  • 7 years from receipt of the request

Job applications

By sending your application to SONNENTOR, you expressly agree that SONNENTOR processes your personal data and is entitled to transmit, process and use this data within the companies belonging to SONNENTOR. The transfer, processing and use are limited to the purposes of personnel search and personnel administration.

The processing can also take place electronically. This is particularly the case if you have submitted your application documents electronically, for example by e-mail or via our careers portal.

If an employment contract results from the application, your transmitted data will be processed in compliance with the statutory provisions.

If, however, no employment contract is created, your application documents will be deleted after a 6-month retention period in accordance with the law, provided that deletion does not conflict with any other legitimate interests.

Legal basis:

  • Consent in accordance with Article 6 (1) (a) GDPR

Storage duration:

  • 6 months from possible erasure 
  • Any further storage will only take place with prior, earmarked consent

Exhibitions/trade fairs

At trade fairs, we may collect personal data for the purpose of subsequent contact regarding the topics discussed at the trade fair.

Legal basis:

  • Consent in accordance with Article 6 (1) (a) GDPR
  • Fulfilment of the contract and pre-contractual measures in accordance with Article 6 (1) (b) GDPR

Storage duration:

  • 7 years from receipt of the request

Press mailing list

We offer you the opportunity to subscribe to our press mailing list. For this purpose, we collect personal data concerning you, which we use exclusively for the distribution of press articles. 

Legal basis:

  • Consent in accordance with Article 6 (1) (a) GDPR

Storage duration:

  • Until revoked with effect for the future

Franchise partnership request

You can express your interest in a franchise partnership.

In order for us to be able to process your request in a targeted manner, it is necessary for you to provide personal data.

You acknowledge that the aforementioned data will be processed by SONNENTOR for the purpose of processing or answering your request.

Legal basis:

  • Consent in accordance with Article 6 (1) (a) GDPR
  • Fulfilment of the contract and pre-contractual measures in accordance with Article 6 (1) (b) GDPR

Storage duration:

  • 7 years from receipt of the request

Zukunftsscheine

As part of the Future Vouchers participation, we collect and store your data and forward it if necessary. The collection, storage and forwarding are therefore carried out for the purpose of fulfilling the contract and on the basis of Art. 6 (1) (b) GDPR and, if necessary, for the purpose of fulfilling a legal obligation of the person responsible on the basis of Art. 6 (1) (c) GDPR. Failure to provide this data may mean that the complaint cannot be processed.

The data will only be used to process and send the voucher. The voucher code is sent annually by email. The term for this is 5 years. Sometimes we use external service providers to process your data. These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. The service providers will not pass this data on to third parties, but will delete it after the contract has been fulfilled and the statutory storage periods have expired, unless you have consented to further storage. 

Legal basis:

  • Consent in accordance with Article 6 (1) (a) GDPR
  • Fulfilment of the contract and pre-contractual measures in accordance with Article 6 (1) (b) GDPR

Storage duration:

  • 7 years from receipt of the request 

Server logs

When you visit this website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer,
  • date and time of access,
  • name and URL of the retrieved file,
  • origin website (referrer URL),
  • browser used and, if applicable, the operating system of your computer and the name of your access provider.

 

The possibility of using this data on the legal basis of Article 6 (1) (f) GDPR for purposes such as

  • ensuring a smooth connection to the website,
  • ensuring comfortable use of our website,
  • the evaluation of system security and stability as well as
  • for other administrative purposes

as it is currently perceived by us. Under no circumstances will the collected data be used to draw conclusions about your person.

4) Data transfer/data transmission


Data transfer to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

  • you have given your express consent to this in accordance with Article 6 (1) (a) GDPR,
  • the transfer according to Article 6 (1) (f) GDPR is necessary to safeguard operational interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation to pass on data pursuant to Article 6 (1) (c) GDPR, and
  • this is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 (1) (b) GDPR.


The data controller may share your personal data with suppliers who perform services on our behalf in accordance with our instructions. 

The data controller may also share your personal information with our affiliates and partners. 

In addition, the data controller may disclose your personal information if we are required to do so by law, legal or regulatory obligation, or if we believe disclosure is necessary or appropriate to prevent physical harm or financial loss.

The data controller reserves the right to port personal information we have about you if we sell or transfer all or a portion of our business or assets (including in the event of a reorganisation, dissolution or liquidation).

Data transfers

The data controller may also transfer your personal data to countries outside the country where the information was originally collected. These countries may not have the same data protection laws as the country where you originally provided the personal information. When we transfer your information to other countries, we protect that information as described in this Privacy Policy and such transfers are governed by applicable law.

The countries to which we transfer the personal data are located

  • within the European Union or
  • outside the European Union

If we transfer personal data from the European Union to countries or international organisations outside the European Union, the transfer takes place on the following basis:

  • an adequacy decision by the European Commission;
  • In the absence of such due to other legally permissible reasons such as the existence of a legally binding and enforceable document between the authorities or public bodies, binding internal company rules, standard data protection clauses and approved or certified codes of conduct.

In exceptional cases, data can also be transferred on the basis of Art. 49 GDPR:

  • Art. 49 (1) (a) GDPR
    the data subject has expressly consented to the proposed data transfer after being informed of the possible risks for them of such data transfers without the existence of an adequacy decision and without suitable guarantees,
  • Article 49 (1) (b) GDPR
    the transmission is necessary for the performance of a contract between the data subject and the person responsible or for the implementation of pre-contractual measures at the request of the data subject,
  • Article 49 (1) (c) GDPR
    the transmission is necessary for the conclusion or performance of a contract concluded in the interests of the data subject by the person responsible with another natural or legal person.

5) Newsletters

You can give your consent to receive various newsletters.

When registering in the web shop, you can consent to the sending of newsletters by clicking on the checkbox in the corresponding field ("Sign up for newsletter"). Furthermore, you can also agree to the sending of newsletters independently of registering for the web shop. In this case, the title, first name, last name and e-mail address must be disclosed.

You consent to the aforementioned personal data being processed by SONNENTOR for the purpose of sending information about offers, product innovations, competitions in accordance with Article 6 (1) (a) (b) (f) GDPR.

SONNENTOR can arrange for your personal data to be passed on to data processors. Your personal data will be processed by the data processor exclusively on our instructions and for the defined purpose.

The consent you have given can be revoked at any time in accordance with Art. 6 (2) (c) GDPR without affecting the legality of the processing carried out on the basis of the consent up to the revocation. You can also unsubscribe from the newsletter at any time by clicking on Unsubscribe from any newsletter/mailing.

If you revoke your consent in accordance with Article 6 (2) (c) GDPR, your personal data will be blocked or erased as a matter of routine and in accordance with the statutory provisions, unless the law provides otherwise.

Double opt-in and logging

The registration for our newsletter takes place according to the double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration.

The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes storing the time of registration and confirmation as well as the IP address.

Statistical survey and analysis

When you access the newsletter, technical information, such as information about your browser and your system, as well as your IP address and time of access, is initially collected. This information is used to technically improve the services based on the technical data or the target groups and your reading behaviour based on their retrieval locations (which can be determined using the IP address) or the access times.

The statistical surveys also include determining whether the newsletters are opened, when they are opened, and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our aim to monitor individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Newsletter tracking

Our newsletters contain so-called tracking pixels (web bugs), which we can use to recognise whether and when an e-mail was opened and which links in the e-mail were followed by the personalised recipient. This data is stored by us so that we can optimally tailor our newsletter to the wishes and interests of our subscribers. Accordingly, the data collected in this way is used to send personalised newsletters to the respective recipient. We ask for your consent in this regard as follows: "Consent to the newsletter according to GDPR." With the revocation of the consent to receive the newsletter, the consent to the aforementioned tracking is also revoked.

6) Web shop

Registration is possible in order to be able to order goods in the web shop more easily and quickly. An online purchase is also possible as a guest, but personal data will also be requested here. When registering in the web shop, different information must be provided. 

Without this information, we cannot finally offer the functions in the online shop. A transfer of data to our business partners such as payment service providers and delivery services is - with the exception of Click & Collect - also necessary and part of the fulfilment of the contract.

Legal basis:

  • Consent in accordance with Article 6 (1) (a) GDPR
  • Fulfilment of the contract and pre-contractual measures in accordance with Article 6 (1) (b) GDPR

Storage duration:

  • 7 years from last transaction

see also: Data transfer to third parties

7) Existing customer marketing

We also use the e-mail address that you have provided in connection with the purchase of our goods or the use of one of our services to send you information about our own similar goods and services. The legal basis for this is our legitimate interest according to Article 6 (1) (f) GDPR. Our legitimate interest lies in increasing sales by advertising to existing customers in compliance with the provisions of § 174 TKG. 

You can object to the sending of these e-mails at any time by sending an e-mail to datenschutz@sonnentor.com or by using the unsubscribe link which can be found in every e-mail, without incurring any costs other than the transmission costs according to the basic rates. Upon receipt of your objection, we will immediately stop sending these emails.

8) Cookies

See cookie settings.

9) SSL encryption

In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS. You can recognise an encrypted connection by the character string "https://" and the lock symbol in your browser bar.

10) Modifications or additions

We reserve the right to make changes or additions to the information content at any time and without prior notice. If parts or individual formulations of this text do not, no longer or not completely correspond to the applicable legal situation, the remaining parts of the document remain unaffected in their content and validity.

 

Data protection statements of SONNENTOR companies


Status 06/2022