We are pleased that you are interested in Herbliz and thank you for your trust. Trust is important to us and therefore the protection of your privacy when using our website is important to us. We always treat your data with the utmost confidentiality and, of course, comply with all relevant legal provisions.
In this Privacy Policy, we inform you about the processing of personal data when using our website.
Personal data is information relating to an identified or identifiable person. This includes, in particular, information that enables us to draw conclusions about your identity, such as your name, your telephone number, your address or your e-mail address. Statistical data that we collect, for example, when you visit our website and that cannot be associated with your person does not fall under the concept of personal date.
You can print or save this Privacy Policy by using the usual functionality of your browser.
Contact person and so-called controller for the processing of your personal data when visiting this website within the meaning of the EU General Data Protection Regulation (GDPR) is the
NGPH GmbH
Humboldtstraße 62
22083 Hamburg
Email: contact@herbliz.com
For all questions regarding data protection in connection with the use of our website, you can also contact our data protection officer at any time. They can be reached under the above postal address as well as under the previously specified e-Mail address (keyword: "attn. Data protection officer").
Every time you use our Website, we collect the access data that your browser automatically transmits in order for you to visit the Website. The access data includes the following:
● IP address of the requesting device;
● Date and time of the request;
● Address of the website you called up and the querying website;
● Information about the browser and operating system used;
● Online identifiers (e.g., device identifiers, Session IDs)The processing of this access data is necessary to enable your visit to the website and to ensure the long-term functionality and security of our systems. The access data is also temporarily stored in internal log files for the purposes described above in order to compile statistical information about the use of our website, to develop our website with regard to the usage habits of our visitors (e.g. when the proportion of mobile devices with which the pages are accessed increases) and for general administrative maintenance of our website. Legal basis is art. 6 para. 1 S. 1 lit. b GDPR.
The information stored in the log files does not allow any direct conclusions to be drawn about your person, we specifically only store the IP addresses in shortened, anonymised form. The log files are stored for 30 days and archived after subsequent anonymisation.
You have different ways to get in touch with us. In this context, we process your data transmitted in the course of establishing contact exclusively for the purpose of communication with you. Legal basis is art. 6 para. 1 lit. b GDPR. The data collected by us will be automatically deleted after complete processing of your request, unless we still need your request to fulfill contractual or legal obligations (see the "storage period" section).
We use Olark, a customer service platform of Habla, Inc., to process customer inquiries., 205 ½ N Main St., Ann Arbor, MI 48104, USA ("Olark"). The data of the customer request and your contact details are collected so that we can process your contact request. The legal basis for this data processing is art. 6 para. 1 lit. f GDPR.
Olark also uses cookies and similar technologies. The data collected in this context can be transferred to an Olark Server in the USA and stored there. In the event that personal data is transferred to Olark in the USA, Olark is subject to the EU-US Privacy Shield.
You can prevent the installation of cookies by setting your browser software accordingly. Further information can be found under "Cookies". More information about Olark can be found in Olark's privacy policy.
You have the opportunity to register for our login area in order to be able to use the full functionality of our website (e.g. orders in our online Shop, excluding guest orders). We have highlighted the mandatory data to be provided by you by marking them as mandatory fields. Without this data, registration is not possible. The legal basis of the processing is art. 6 para. 1 lit. b GDPR.
When processing orders we collect the following mandatory information necessary for the execution of the contract:
● Salutation;
● First and last name;
● Date of birth (only for some payment methods);
● E-Mail Address;
● Password;
● Billing and shipping address;
● Payment Information, Payment Data.Without this data, registration is not possible. Optional information such as telephone and fax numbers are possible, so that we can contact you in these ways if you have any questions. The legal basis of the processing is art. 6 para. 1 S. 1 lit. b GDPR.
We offer commonly used payment methods for order placed online (Klarna Sofortüberweisung (immediate payment), Klarna Rechnung (pay in 24 days), Klarna Ratenzahlung(pay in instalments)). We work with various payment service providers from whom we receive your payment data or to whom we transmit your payment data. Without these payment data and payment service providers, payment and contract processing is not possible. The legal basis for this data processing is art. 6 para. 1 S. 1 lit. b GDPR.
Our payment service providers include the following:
● payment by invoice; pay by instalment or immediate payment: Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden (www.klarna.com) or payolution GmbH,
● in the case of payment by paydirekt: paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt
If we make advance payments, e.g. in the case of a purchase on finance, we carry out a credit check on the basis of Score values that we obtain from external credit agencies prior to our decision on acceptance of the contract. In this case, the credit check is required to reduce our risk of default or insolvency. Score values are statistically based forecast values about the future risk of a default on a person or company and are presented as a numerical value, such as a percentage or grade. For this purpose, we transmit your data (name, addresses, date of birth) to our credit rating service provider payolution (payolution GmbH, am euro Platz 2, 1120 Vienna, Austria) or Klarna (Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden) for the purpose of credit assessment. Further information on payolution can be found in the payolution privacy policy, further information on Klarna can be found in the Klarna Privacy Policy.
You have the opportunity to order our Newsletter, in which we inform you regularly about innovations to our products and promotions.
To order our newsletter, we use the so-called double opt-in procedure, i.e. we will only send you a newsletter by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided. If you confirm your e-mail address, we will store your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The storage serves the sole purpose of sending you the newsletter and proving your registration.
In addition, we will send advertising mailings to you, in which we ask you for your feedback on your order, for example. The legal basis for this data processing is art. 6 para. 1 lit. f GDPR.
For the purpose of sending our newsletters and advertising mailings, we work with service providers to whom we transmit your e-Mail address and your newsletter registration, among other things, in order to be able to transmit the newsletters and advertising mailings to you. The legal basis for this data processing is art. 6 para. 1 S. 1 lit. b, f GDPR.
You can unsubscribe from the Newsletter and advertising mailings at any time or object to receiving them. A corresponding unsubscribe link can be found in every newsletter and advertising mailing. A message to the contact data specified above or in the newsletter (e.g. by E-mail or letter) is of course also sufficient. The legal basis for the processing is your consent pursuant to art. 6 para. 1 lit. a GDPR.
In our newsletters and advertising mailings, we use market-standard technologies with which the interactions with the newsletters can be measured (e.g. opening the e-Mail, clicked links). We use this data in pseudonymous form for general statistical evaluations as well as for the optimization and further development of our content and customer communication. This is done with the help of small graphics embedded in the newsletter (so-called pixels). The data is collected exclusively in pseudonymised form and is not linked to your other personal data. The legal basis for this is our aforementioned legitimate interest pursuant to art. 6 para. 1 S. 1 lit. f GDPR. We want to use our Newsletter to share content that is relevant to our customers and to better understand what readers are actually interested in. If you do not want your user behaviour to be analysed, you can unsubscribe from the newsletter or disable graphics in your e-mail program by default. The data relating to the interaction with our newsletters are stored pseudonymously for 30 days and then completely anonymised.
When you participate in one of our surveys, we use your data for market and opinion research. We evaluate the data anonymously for internal purposes. If surveys are exceptionally not evaluated anonymously, the data will be collected exclusively with your consent. In the case of anonymous surveys, the GDPR is not applicable and in the case of exceptionally personal evaluations, the legal basis is the aforementioned consent in accordance with art. 6 para. 1 S. 1 lit. a GDPR.
In the context of sweepstakes, we use your data for the purpose of conducting the sweepstakes and the notification of the prize. Detailed information can be found in the conditions of participation for the respective competition. The legal basis for the processing is your consent pursuant to art. 6 para. 1 S. 1 lit. b GDPR.
You can apply for open positions with us at any time. The purpose of the data collection is the selection of applicants for possible reasons for an employment relationship. To receive and process your application, we collect the following data in particular: first and last name, E-mail address, application documents (e.g.: certificates, curriculum vitae), date of earliest possible job entry and salary expectations. The legal basis for the processing of your application documents is art. 6 para. 1 S. 1 lit. b and art. 88, para. 1 GDPR in conjunction with § 26 para. 1 s. 1 BDSG.
For some of our services, it is necessary that we use so-called cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to run programs or to load viruses onto your computer. Rather, the main purpose of our own cookies is to provide an offer tailored specifically to you and to make the use of our services as time-saving as possible.
Most browsers are set by default to accept cookies. However, you can adjust your browser settings so that cookies are rejected or stored only after prior consent. If you refuse cookies, not all of our offers can function smoothly for you.
We use our own cookies for the following purposes:
● for Login authentication,
● for load distribution,
● for session-spanning storage of your shopping cart
● to note that you have been shown information placed on our website – so that it will not be displayed again the next time you visit the website.We want to enable you to use our website more comfortably and individually. These services are based on our aforementioned legitimate interests, the legal basis is art. 6 para. 1 S. 1 lit. f GDPR.
We also use cookies and similar technologies (e.g. web beacons) from partners for analysis and marketing purposes. This is described in more detail in the following sections.
To improve our website, we use cookies and similar technologies (e.g. Web beacons) for statistical collection and analysis of general user behavior based on access data. We also use analysis services to evaluate the use of our various marketing channels.
The legal basis for the data processing described in the following section is art. 6 para. 1 S. 1 lit. f GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.
In the following list of the technologies used by us, you will also find information on the possibilities to object to our analysis measures by means of a so-called opt-out cookie. Please note that after deleting all bookies in your browser or later using another browser and/or profile, an opt-out Cookie must be set again.
Our Website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses cookies and similar technologies to analyze and improve our website based on your user behavior. The data generated in this context can be transmitted by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to Google in the USA, Google is subject to the EU-US Privacy Shield. However, your IP address will be shortened before the usage statistics are evaluated, so that no conclusions can be drawn about your identity. For this purpose, Google Analytics has been extended on our website by the code "anonymizeIP" in order to ensure an anonymized collection of IP addresses.
Google will process the information obtained by the cookies in order to evaluate your use of the website, to compile reports on website activities for the website operators and to provide other services associated with website and internet use.
You can configure your browser to reject cookies, or you can prevent the collection of data generated by cookies and related to your use of this website (incl. You can prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser add-on provided by Google. As an alternative to the Browser Add-on or if you access our Website from a mobile device, please use this Opt-out Link. This will prevent the collection by Google Analytics within this website in the future (the opt-out only works in the browser and only for this domain). If you delete your cookies on this browser, you must click this link again.
More information can be found in Google's privacy policy.
We also use cookies and similar technologies for advertising purposes. Some of the access data generated when using our website is used for interest-based advertising. By analyzing and evaluating this access data, we are able to present you with personalized advertising on our website and on the websites of other providers. This means advertising that meets your actual interests and needs.
The legal basis for the data processing described in the following section is art. 6 para. 1 S. 1 lit. f GDPR based on our legitimate interest in advertising our products and services in personalized form.
In the following section, we would like to explain these technologies and the providers used for this purpose in more detail.
The data collected includes the following:
● the IP address of the device,
● the date and time of access,
● the identification number of a cookie,
● the device identification of mobile devices
● technical information about the browser and operating system used;However, the collected data is stored exclusively pseudonymously, so that no direct conclusions about the persons are possible.
In the following list of the technologies used by us, you will also find information on the possibilities to object to our analysis measures by means of a so-called opt-out cookie. Alternatively, you can exercise your objection through appropriate settings on the websites Truste or Your Online Choices, which provide bundled objection options from many advertisers. Both sides allow the listed providers to deactivate all ads at once by means of opt-out cookies or alternatively to make the settings for each provider individually. Please note that after deleting all bookies in your browser or later using another browser and/or profile, an opt-out Cookie must be set again.
Our websites use Facebook's so-called conversion and Retargeting Tags (also called "Facebook Pixel") for marketing purposes, a service of Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA ("Facebook"). Facebook Pixels are used to analyse the general use of our websites and to understand the effectiveness of Facebook advertising ("Conversion"). In addition, we use the Facebook pixels to display individualized advertising messages based on your interest in our products ("Retargeting"). Facebook processes data for this purpose that the service collects via cookies and similar technologies on our websites.
The data generated in this context can be transmitted by Facebook to a server in the USA for evaluation and stored there. In the event that personal data is transferred to Facebook in the USA, Facebook is subject to the EU-US Privacy Shield.
In the case you are a member of Facebook, and if you have allowed Facebook to use your account's privacy settings, Facebook may also link the information collected about your visit to us to your member account and use it for the targeted placement of Facebook ads. You can view and change the privacy settings of your Facebook profile at any time. If you are not a Facebook member, you can bind the processing of data by Facebook, and by pressing on the previously mentioned TRUSTe's Website, the deactivation switch for the provider "Facebook". You can also prevent data processing by pressing the following button: CUSTOM OPT-OUT
Facebook will only display general Facebook Ads that are not selected based on the information collected about you if you disable data processing by Facebook.
Further information can also be found in Facebook's data protection regulations.
Our websites use the services "AdWords Conversion Tracking" and "AdWords Remarketing" of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). By means of "AdWords Conversion Tracking", customer actions defined by us are recorded (such as clicking on an ad, page views, Downloads) and analyzed. We use "AdWords Remarketing" to display individualized advertising messages for our products on Google partner websites. Both services use cookies and similar technologies. The data generated in this context can be transmitted by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to Google in the USA, Google is subject to the EU-US Privacy Shield.
If you use a Google account, depending on the settings stored in the Google account, Google may link your web and app browsing history to your Google account and use information from your Google account to personalize ads. If you do not want this assignment to your Google account, it is necessary that you log out of Google before visiting our contact page.
As shown above, you can configure your browser to reject cookies. In addition, you can disable the "personalized advertising" button in Google's advertising settings. In this case, Google will only display general advertising that has not been selected based on the information collected about you.
More information can be found in Google's privacy policy.
We collect data via cookies, which are small text files that are used to uniquely identify your browser. Cookies are placed onto your computer by our system and can later be accessed by our servers to get the statistics we need for site optimization. We also use our own server data logs. Cookies and data logs can indicate user status (new or returning), the version of the browser used, device make and model, session duration, number of pages viewed, landing pages, and other non-personally identifiable information. Cookies and data logs are collected in aggregate and not tied to an individual.
To measure the effectiveness of particular pieces of content, we may use web beacons, also known as clear gifs or web bugs. They are small, pixel-sized graphic objects with unique IDs which are not stored on your hard drive. Instead, a web beacon is inserted into a bit of content to track how users engage with it. The information gathered by web beacons is not personally identifiable.
We may collect your personal data only when you explicitly provide it by registering with our service using a global Yandex account or when filling out a feedback form. The registration data is limited to your first and last name. Submitting your phone number, additional email address and other data is optional. Such information it is used to provide better security for your account (through two-factor authentication), for sending you service notifications about your site’s status (should you wish to receive them), or for more convenient access to Yandex’s services. Rules and policies concerning your global Yandex account and data associated with it can be found in Yandex's general Privacy Policy, which applies to all of Yandex’s services including Yandex.Metrica.
Our website uses social media plug-ins (such as the like button) of the social networks Facebook Inc., 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook") and Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA ("Twitter") and Google+ of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Legal basis is art. 6 para. 1 S. 1 lit. f GDPR, based on our legitimate interest that you share our content via social networks and we thereby increase our reach. In the event that personal data is transferred to the USA, Facebook and Twitter are subject to the EU-US Privacy Shield.
Facebook / Twitter / Google receives the Information that you have accessed the corresponding subpage of our online offer. This is done regardless of whether you have an account with Facebook / Twitter / Google and are logged in there. If you are logged in to Facebook / Twitter / Google, this data is directly assigned to your account. If you click on the activated plug-in and, for example, link to the page, Facebook / Twitter / Google will also store this information, including date and time, in your user account and publicly notify your contacts and followers. If you do not wish to be associated with your Facebook / Twitter / Google profile, you must log out before activating the plug-in.
Facebook / Twitter / Google stores this data as user profiles and uses them for the purposes of advertising, market research and/or needs-based design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. As Facebook / Twitter / Google members, you can disable advertising based on social actions, for example in Facebook's advertising preferences. Facebook / Twitter / Google social media Plug-ins can also be completely prevented from loading with additional programs for your browser, e.g. with Facebook Blocker.
Further information can be found in Facebook's data protection information or Twitter's data protection information as well as in Google's data protection information.
The data collected by us will only be passed on if:
● You have given your explicit consent according to art. 6 para. 1 S. 1 lit. a GDPR to this.
● Disclosure according to art. 6 para. 1 S. 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to believe that you have an overriding interest worthy of protection in not disclosing your data.
● We are, according to art. 6 para. 1 S. 1 lit. c GDPR, legally obliged to disclose this.
● This is legally permissible and is, in accordance with art. 6 para. 1 S. 1 lit. b GDPR, necessary for the processing of contractual relationships with you or for the implementation of pre-contractual measures that take place on your request.Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, this may include, the following: centers that store our website and databases, IT service providers that maintain our systems, as well as delivery and logistics service providers. If we pass on data to our service providers, they may use the data exclusively for the performance of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound to our instructions, have appropriate technical and organizational measures to protect the rights of the data subjects and are regularly checked by us.
Our website uses Google Analytics, a web analysis service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The Tag Manager is used to manage Tracking Tools and other services, so-called Website Tags. A tag is an element that is stored in the source code of our website in order to collect predefined usage data, for example. Google Tag Manager works without the use of cookies. Google Tag Manager ensures that the usage data required by our partners (cf. the data processing operations described above) are forwarded to them. In some cases, the data is processed on a Google Server in the USA. In the event that personal data is transferred to Google in the USA, Google is subject to the EU-US Privacy Shield. Legal basis is art. 6 para. 1 lit. f GDPR, based on our legitimate interest to easily integrate and manage multiple tags on our website. You can find more information about this in Google's information about Tag Manager.
It may happen that third-party content, such as videos from YouTube, map material from Google Maps, RSS feeds or graphics from other websites are integrated into our website. This always presupposes that the providers of this content ("third-party providers") know your IP address. Without the IP address, you cannot send the content to your browser. The IP address is therefore required for the presentation of this content. The legal basis for this data processing is art. 6 para. 1 lit. b, f GDPR.
We endeavor to use only such content whose respective providers use the IP address solely for the delivery of the content. However, we have no influence on whether the third-party providers store the IP address for statistical purposes, for example.
Additional Information about the Sovendus Voucher Offer
We work with the advertising partner Sovendus (Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe). We are encouraged by Sovendus to provide the following Information:
Voucher offers of Sovendus GmbH: for the selection of a voucher offer that is currently interesting for you, we pseudonymize and encrypt the hash value of your e-mail address and your IP address to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe (Sovendus) (art. 6 para.1 f GDPR). The pseudonymised hash value of the e-mail address is used to consider a possible objection to advertising by Sovendus (art. 21, para.3, art. 6 para.1 c GDPR). The IP address is used by Sovendus exclusively for data security purposes and is usually anonymized after seven days (art. 6 para.1 f GDPR). In addition, , we transmit pseudonymized order number, order value with currency, session ID, coupon code and time stamp to Sovendus for billing purposes (art. 6 para.1 f GDPR). If you are interested in a voucher offer from Sovendus, there is no advertising objection to your e-mail address and click on the voucher banner displayed only in this case, we will transmit encrypted title, name and your e-mail address to Sovendus for the preparation of the voucher (art. 6 para.1 b, f GDPR).
For further information on the processing of your data by Sovendus, please refer to the online data protection information under sovendus.com/en/privacy_policy/.
In principle, we only store personal data for as long as necessary to fulfil contractual or legal obligations for which we have collected the data. After that, we delete the data immediately, unless we need the data until the expiry of the statutory limitation period for evidential purposes for civil claims or due to statutory retention obligations.
For evidence purposes, we must retain contract data for another three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred after to the statutory limitation period at the earliest.
Even after that, we still have to store your data partly for accounting reasons. We are obliged to do so because of legal documentation obligations that may result from the Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The deadlines set there for the storage of documents are two to ten years.
You have the right to request information about your personal data processed by us at any time. In the course of providing information, we will explain the data processing and provide you with an overview of the data stored about your person.
If data stored by us is incorrect or no longer up to date, you have the right to have this data corrected. You can also request the deletion of your data. If, by exception, deletion is not possible due to other legal provisions, the data will be blocked so that it is only available for this legal purpose.
You may also have the processing of your data restricted, e.g. if you believe that the data stored by us is incorrect.
You also have the right to data portability, i.e. that we provide you with a digital copy of the personal data provided by you upon request.
In order to make your rights described here valid, you can contact the above contact details at any time. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection.
In addition, you have the right to object to the data processing, which is based on art. 6 para. 1 lit. e or f GDPR. Finally, you have the right to complain to the data protection supervisory authority responsible for us. You may exercise this right with a supervisory authority in the Member State of your residence, place of work or place of alleged infringement. In Berlin, the location of our headquarters, the responsible Supervisory Authority is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin.
In accordance with article 7 para. 2 GDPR, the right to revoke a consent given to us at any time. As a result, we will no longer continue the data processing based on this consent for the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
Insofar as we process your data on the basis of legitimate interests pursuant to art. 6 para. 1 lit. f GDPR, you have to comply with art. 21 GDPR, the right to object to the processing of your data and to give us reasons that arise from your particular situation and which, in your opinion, speak for a preponderance of your interests worthy of protection. If there is an objection to data processing for direct marketing purposes, you have a general right of objection, which is also implemented by us without stating reasons.
If you would like to make use of your right of revocation or objection, an informal message to the above contact details is sufficient.
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against risks during data transfers and against knowledge gained by third parties. These are updated to the current state of the art. We use Transport Layer Security (TLS), which encrypts the information you provide in order to secure the personal data you provide on our website.
Occasionally, we update this Privacy Policy, for example when we adapt our website or change legal or regulatory requirements.