Data protection information
Your personal data is processed by us as we are responsible for the data processing when being used on our websites and then stored for the period required to complete the purpose determined and our statutory obligations. The following informs you on which data is involved and in what way it is processed as well as your respective rights in this regard. Personal data means any information relating to an identified or identifiable natural person pursuant to Art. 4 Nr. 1 General Data Protection Regulation (GDPR).
1. Name and contact details of the person responsible for the processing as well as their representative
This applies for the data processing on all our websites having reference to this data privacy notice.
Swiss Sana AG
Telephone: +423235 84 77
Please direct any questions concerning data protection or your rights as a data subject to our representative.
2. Processing of personal data and purpose of processing
a) When visiting the websites
A visit to our website is possible without providing any information about yourself. The browser used on you terminal device only sends automated information to our website
server (e.g. browser type and version, data and time of access) to enable the website to set up a connection. The IP address of your enquiring terminal device is part of this
process. This information is temporarily stored in a log file and after 52 weeksautomatically deleted.
The processing of the IP address is for technical and administrative purposes related to the connection setup and stability to ensure the security and operational functionality
of our website and to track any unlawful hacking attacks if required.
The basis of legitimate processing of the IP address is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest arises from the previously stated security aspects and the
requirement of ensuring the operative availability of our websites without disruption.
We are not able to establish any reference as to your identity when processing the IP address and other information in the logfile.
In addition cookies and other analytical services are used when visiting our websites. For further details please refer to section 4 and5 of this data protection notice.
Should you wish to order products via our website we collect the following compulsory information:
• country of delivery,
• first name, surname,
• payment details, dependent on the type of payment selected by you (e.g. credit card details, banking details or Paypal account details).
The data is collected
• in order to identify you as one of our contracting partners,
• in order to verify the data input for plausibility,
• in order to process the payment for your order,
• in order to process any claims that occur as well as the enforcement of any claims against you.
The smooth and uncomplicated processing of your order requires the following additional optional data input by you in order to ensure quick response in clarifying any queries:
• details on the type of delivery required (postal address,...),
• mobile phone number,
• fixed line telephone number,
• email address.
Provision of this data is voluntary. Should you provide your mobile number we are able to provide information you on the status of your order by phone or SMS and to contact you at short notice regarding any problems.
You are only contacted on your fixed line number should there be a problem with your order and only speak with you and no one else about your order. We always first try to contact you using your mobile phone number.
Your email address is required to provide an order confirmation and a dispatch reference code. You are only contacted by email should a problem arise in connection with your order.
Data processing commences on receipt of your enquiry and is required for the purposes stated and completion of the contract and preliminary contractual measures pursuant to Art. 6 para. 1 p. 1 lit. b GDPR.
It is possible to add further details during the order procedure (date of birth and relevant details as to how you found us) which assists us in improving our products and to match these to the needs to our customers. The processing of data provided voluntarily is based on Art. 6 para. 1 p. 1 lit. f GDPR and serves to optimize our product range. This purpose is to be considered a legitimate interest in the meaning of the provisions stated.
The personal data collected by us related to the order is stored until the expiry of the statutory guarantee period and then automatically deleted unless we are required pursuant to Art. 6 para. 1 p. 1 lit. c GDPR to store for a longer period for tax and commercial archiving and documentation purposes (as per German commercial code, penal and fiscal code) or you provide your consent to a prolongation of storage pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.
c) Newsletter registration
You are free to register for our newsletter during the ordering procedure. Should you expressly provide your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR, your
email address used for the ordering procedure is also used to regularly transmit our personalized newsletter to you.
You then are sent a notification of registration by email which you need to confirm in order to receive the newsletter (double opt-in). This serves as verification that the registration was indeed initiated by you.
Deregistration is via a link at the end of each newsletter Your email address is immediately deleted after revocation of your consent to the transmission of the newsletter. Alternatively deregistration is possible via email at any time at email@example.com.
d) Registration for our affiliate programThe provision of the following information is compulsory when registering for our affiliate program:
• first name, surname,
• email address,
• telephone number,
• Paypal payment details,
• website URL for banner advertising.
A password is also needed to ensure that you are able to later login to your personal user account. Additionally you have the option of providing your company and tax ID. The data is collected in order to assess whether you should be considered as a contracting partner for our affiliate program and to contact you in this regard if necessary, as well as to make you commission payments on conclusion of a contract.
Data processing commences on receipt of your enquiry and is required pursuant to Art. 6 para. 1 p. 1 lit. b or lit. f GDPR for completion of the contract for our affiliate program and the necessary preliminary contractual measures ( selection of our contracting partner) or to serve the maintenance of legitimate interests for purposes stated.
3. Transmission of data to third partiesYour personal data is transmitted to third parties should this be permissible by law and required pursuant to Art. 6 para. 1 p. 1 lit. b GDPR for the processing of the contractual relationship. This includes especially the transmission to forwarding companies to ensure the delivery of the goods you ordered and transmission of payment details to payment service companies or credit institutions in order to complete the payment procedure. The transmitted data is only to be used by the third party exclusively for the purposes stated.
We only transmit your personal data to third parties, when
• you expressly consent to the transmission pursuant to Art. 6 para. 1 p. 1 lit. a GDPR,
• when there is a statutory obligation to do so under Art. 6 para. 1 p. 1 lit. c GDPR.
when visiting our website. Cookies do not cause any damage to your device, contain no viruses, trojan or other malware.
Most browsers automatically accept cookies. It is possible however to configure your browser not to store cookies on your computer or to always notify you before adding a new cookie. Should you completely block cookies it is possible that not all the functions of our website are available.
5. Web analysis
The lawful basis for the tracking measures we employ is Art. 6 para. 1 p. 1 lit. f GDPR. and are listed below.
The tracking measures used ensure that we provide a needs-orientated design and optimize our websites on an ongoing basis. Tracking measures are also applied to compile the statistical assessment of our websites. The data is then used to optimize the presentation of our website content. These interests are to be considered legitimate in the meaning of the provisions stated above.
The respective purpose for data processing and categorizing is stated in the description relating to the relevant tracking tool.
a) Google Analytics
This website uses Google Analytics, a web analysis service of Google LLC (www.google.com; as follows: ‘Google’). A pseudonymous usage profile is set up and cookies
(see section4) used. The information on your use of this website generated by the cookie, such as
• browser type/version,
• operating system used,
• referrer URL (the previous website visited),
• host name of the accessing computer (IP address),
• time of the server enquiry,
is transmitted to a Google server in the USA and stored there. Google complies with the US Privacy Shield data protection provisions and is registered with the US Privacy Shield program of the US trade ministry. Furthermore we have concluded an order processing agreement with Google for the use of Google Analytics. This agreement ensures Google processes data in compliance with the general data protection regulations and guarantees to protect the rights of the data subject involved. The information is used to analyze the use of our websites, generate reports on website activities and to provide additional services related to website and internet use for market research purposes and to design the website to meet the needs of users.
This information may also be transmitted to third parties where required by law or should third parties be commissioned to process the data. Your IP address is never merged with other Google data. The IP addresses are anonymized ensuring that no match to an individual is possible (IP masking).
It is possible to configure your browser software to prevent cookies from being installed. Please note that by doing so not all the functions of the websites may be fully available.
It is possible to further prevent data generated by the cookie from being collected on your use of this website (incl. your IP address) and the data being processed by Google by downloading and installing a browser add-on.
Besides the browser add-on, particularly with browsers on mobile terminal devices, collection of your data by Google Analytics is also prevented by clicking on this link. An opt-out cookie is then set up in your browser preventing future collection of your data when you visit this website. The opt-out cookie only applies to that browser and only for our website, and is installed on your device. After deleting cookies in this browser you need to reinstall the opt-out cookie.
More information on data protection in connection with Google Analytics is available in the help page of Google Analytics.
b) Matomo (formerly Piwik)
We use the Open Source Software Matomo (formerly Piwik) of InnoCraft Ltd. (www.innocraft.com; as follows: ‘Matomo’) to analyse and statistically evaluate the use
of the websites.
To this purpose cookies are setup (see section 4). All the information generated by the cookie on the usage of the website is transmitted to our server a pseudonymous usage profile is compiled. The information is used to evaluate the website usage and to provide a needs-orientated design for our websites. There is no transmission of information to third parties.
Our websites are based on the possession of your consent pursuant to Art. 6 para. 1 page 1 lit. a GDPR components (videos) of the company YouTube, LLC
(www.youtube.com; as follows: ‘YouTube’), an enterprise of Google LLC.
We make use of the‘extended data privacy mode’, an option provided by YouTube for this purpose.
Should your visit apage which uses an embedded video, then the connection to the YouTube server is set up and the content is displayed by notification to your browser on the internet page.
In accordance with information provided by YouTube your data is only then transmitted to the YouTube server in the USA when you watch the video in the ‘extended data protection modus’ - specifically those of our websites you visit as well as the information specific to the device including your IP address. You consent to this transmission when you click on the video.
Should you be logged in simultaneously to YouTube then this information is assigned to your YouTube membership account. This is prevented by you deregistering from your membership account before you visit our website.
Google complies with the US Privacy Shield data protection provisions and is registered with the US Privacy Shield program of the US trade ministry. More information on data protection in connection with YouTube is available in the data protection provisions of Google.
7. Rights of data subjects
You have the right:
• pursuant to Art. 15 GDPR to request information on your personal data processed by us. You are particularly entitled to request information on the purpose of processing, the category of the personal data, the category of recipient your data is disclosed to, the planned storage period, the right to correction, deletion, limitation of processing or objection, the right of complaint, the source of your data should it not be collected by us, as well as information on automated decision-making including profiling and if required material information relating to their details;
• pursuant to Art. 16 GDPR to request the correction of incorrect personal data stored with us or its completion without undue delay;
• pursuant to Art. 17 GDPR to request the deletion of your personal data stored with us, provided the processing is not required to comply with the right to free speech and information, to satisfy statutory obligations, for purposes of public interest or the assertion, enforcement or defense of legal claims;
• pursuant to Art. 18 GDPR to request the limitation of the processing of your personal data, provided the correctness of the data is disputed by you, the processing is unlawful, you however reject its deletion and we no longer need the data, you however require it for the assertion, exercise or defense of legal claims or you register an objection to the processing pursuant to Art. 21 GDPR;
• pursuant to Art. 20 GDPR to request your personal data provided to us to be maintained in a structured, standard and machine readable format or the transmission to another responsible party;
• pursuant to Art. 7 para. 3 GDPR to revoke your consent provided to us at any time. The consequence is that the processing of data based on your consent is no longer to be continued in the future and
• pursuant to Art. 77 GDPR permits a complaint to the regulatory authority. As a rule contact is with the supervisory authority of your normal place of residence or of our registered office for this purpose.
Should your personal data be processed based on legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to your personal data being processed on the basis of your particular situation or the revocation is related to direct advertising. In the latter case you are entitled to a general right of revocation which we implement without indication of a specific situation. Should you wish to exercise your right of revocation, please email us at firstname.lastname@example.org
8. Data security
All the personal data transmitted by you is transferred encrypted by the commonly accepted and secure Standard TLS (Transport Layer Security). TLS is a secure
and proven standard, also used for example in online banking. A secure TLS connection is recognizable by the additional s after http (i.e. https://...) in the
address bar of your browser or by the lock symbol in the lower area of your browser.
We apply suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously enhanced to correspond with the technological developments.
9. Relevance and amendments to this data privacy notice
This data privacy notice is the latest version dated May 2018.
This data privacy notice is subject to change due to improvements to our website and related offers or due to changes in statutory or regulatory requirements. The latest version of the data privacy notice is available at any time under https://www.phallosan.com/order-now/privacy-policy.html and is printable.