Data protection policy
Thank you for your interest in our website. The protection of your private sphere is very important to us. The following section provides detailed information on how we handle your data in accordance with Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR).
1. Who is responsible for data processing and who can I contact?
The responsible authority for the collection, processing and use of personal data according to Article 13 of the GDPR is:
Avda. Cortes Valencianas 58
46015 Valencia (hereafter known as: Aminova)
For questions regarding the collection, processing or use of personal information, if you request disclosure, correction, barring or deletion of data or if you would like to revoke your consent, please send an email to: firstname.lastname@example.org.
In addition, you can of course contact us at any time, and free of charge, to receive information about the data we have saved.
2. What data is collected when visiting our webshop?
Upon a visit, the following data is compiled based on Article 6(1)(1)(f) of the GDPR. You can object to the creation of pseudonym-based user profiles.
Web server log files
You can visit our website without having to provide any personal information. We only store access data which is not personally identifiable, such as the browser type and version, the type of operating system used, the referrer URL, the IP address, the file name, access status, the quantity of data transmitted and the date and time of the server request. This information is solely used for improving our internet service and cannot be traced back to you. All of this data is exclusively used for our website statistics. Data is not passed on to third parties. Log files are automatically deleted after six months.
You can adjust your browser settings to be informed about the placement of cookies so that you can decide whether to accept them on a case-by-case basis or refuse them altogether. Refusal to accept cookies may restrict the functionality of our website.
3. What resources and data do we use?
We process the data that we receive through our business relationship with you. We receive this data directly from you, e.g. when you create a customer account, when you order our products and go through the corresponding payment process, and when you contact us via our contact form.
Specifically, we process the following data:
- Name, address and contact details of the customer as well as, where applicable, bank details and credit card data (saved as pseudo credit card numbers),
- Data in connection with the execution of an order,
- Data relating to a friend referral,
- Advertising and sales data (e.g. potentially interesting products for you)
Essentially, the calling up of your data is based on Article 5 of the GDPR.
The pseudonym-based usage profiles created for web analysis are explicitly not merged with personal data received in the shop as part of setting up a customer account or an order process.
When setting up a customer account in the webshop, your email address, first and last name and home address will be requested and stored. Your password for opening a customer account is stored in encrypted form. Your password is not available to Aminova and is at least eight characters long, according to the company password policy. You can delete your customer account at any time or request a deletion via the above contact address according to Article 17 of the GDPR, Section 35 of the Federal Data Protection Act (Bundesdatenschutzgesetz).
As part of an order in the webshop, your email address, first and last name and home address will be requested, as well as any different delivery addresses you have specified. Your selected payment method, shipping method, the time of your order and your IP address are saved in the order process. The request is limited to the essential information needed for the purposes of processing (‘Data minimisation’) according to Article 5(1)(c) of the GDPR.
When you select the credit card payment method, your credit card information is encrypted and secured and a reservation is made on your credit card. Your data is stored as so-called pseudo card numbers. Your credit card will be charged via the pseudo card number after your order has been completed.
Refer a friend
Any data that we receive in the context of a friend referral is deleted if the referral does not lead to a commercial relationship with the referred individual after 30 days.
You can also send us a message via our contact form. We store the required field, email address and IP address. Your message is sent to our customer service department by email and answered from there. In the entry form, we limit the obligatory data to your email address according to Article 5(1)(c) of the GDPR.
You can make product reviews in the shop. By confirming the product review, the required email address field and the IP address are transferred to and stored by us. Once your review is published, only the user name you have chosen will be displayed.
Product recommendations by email
We reserve the right to send you, as a Juvel-5 customer, product recommendations to inform you about similar products that may be of interest by email. We strictly comply with the legal requirements. If you do not wish to receive any product recommendations or any other promotional messages from us, you may opt out at any time without incurring anything other than the transmission costs in accordance with the basic rates. Please direct any objections to email@example.com.
If you wish to receive the newsletter offered on the website, we need you to provide a valid email address as well as information that allows us to verify that you are indeed the owner of the email address provided and that you agree to receiving the newsletter.
In order to ensure that users do in fact wish to receive the newsletter, we use a double opt-in procedure. As a result, the potential recipient may be included in a mailing list. The user will then be able to confirm registration in a legally secure manner by means of a confirmation email. The address is only actively added to the mailing list once confirmation has been received.
We use this data exclusively to dispatch the requested information and offers.
Sendinblue is used as newsletter software. Your data is therefore sent to Sendinblue GmbH. In this context, Sendinblue is prohibited from selling your data and using it for purposes other than sending newsletters. Sendinblue is a German certified provider, which has been selected according to the requirements of the GDPR and Federal Data Protection Act.
More information can be found here: Stay GDPR-compliant with Sendinblue
You can revoke your consent to the storage of data, the e-mail address and its use for sending the newsletter at any time via the ‘unsubscribe’ link in the newsletter.
4. Why do we process your data and on what legal basis?
In the following section, we inform you about why we process your data and the legal basis this is related to.
To fulfil contractual obligations (Article 6(1)(b) of the GDPR)
We process your data in order to carry out our contracts with you. The purposes of data processing are detailed in accordance with the specific contract.
In the context of the balancing of interests (Article 6(1)(f) of the GDPR)
We may also use your data on the basis of a balancing of interests to protect our interests or the legitimate interests of a third party. This is done for the following purposes:
- general business management and further development of products and advertising
- enforcement of legal claims and prevention and investigation of criminal offences
- ensure IT security and IT operations
Our interest in the respective processing stems from the respective purposes and has an additional economic nature (efficient task fulfilment, distribution, avoidance of legal risks). As far as the specific purpose allows, we process your data under a pseudonym and anonymously.
As a result of your consent (Article 6(1)(a) of the GDPR)
If you have given us your consent to process personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke your consent at any time with effect for the future. This also applies to declarations of consent which you have given us before the validity of the GDPR, i.e. before 25th May 2018. The revocation is only valid for future processing.
5. Who receives my data?
Your data will only be passed on as far as the law permits. Within our company, this means those who provide us with the information they need to fulfil our contractual and legal obligations or to perform their respective tasks.
In addition, the following places may receive your data:
- processors employed by us (Article 28 of the GDPR) or vicarious agents, in particular within the area of IT services, payment processing (credit card payments and PayPal payments), credit checks, transport and logistics, who process your data subject to our instructions,
- public authorities in the event of a legal or official obligation
6. How long is my data stored for?
If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and settlement of a contract.
In addition, we are subject to various retention and documentation obligations, which are, among others, based on the German Commercial Code (Handelsgesetzbuch) and German Tax Code (Abgabenordnung). The deadlines set out therein may be up to ten years.
Finally, the storage time is also assessed according to the statutory limitation period, e.g. according to Sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch) which is generally three years.
7. Will the data be transmitted to a third country or to an international organization?
We will not transmit your data to countries outside the European Economic Area (EEA).
If you log in to PayPal with your user account, you can receive additional assistance via the telephone number of the customer service mentioned there.
Alternatively, you can choose other types of payment without using the PayPal system.
8. How is my data stored?
Data is secured on the basis of Article 32 of the GDPR.
In principle, we only work with certified service providers, which we regularly check for the validity of their certification. All data transmission is performed via encrypted connections. In particular, we would like to address our security measures in the shop and in payment processing.
During the ordering process, your personal data is transmitted via the internet using strong SSL encryption (also see the Websale Data Security System™ for technical information).
Our shop is PCI-certified in accordance with the industry standards implemented by credit card organisations. Your credit card information is encrypted and securely stored and also encrypted and securely transmitted to our payment provider to process payments.
We use technological and organisational means to protect our website and other systems and prevent unauthorized persons from losing, destroying, accessing, changing or distributing your data. Customer accounts can only be accessed by entering the appropriate personal password. You should always treat your access information confidentially and close the browser window once you have ended your communication, especially when sharing the computer with others. Please refrain from using the same password for various internet sites.
After confirming the button ‘submit order’ you will be redirected to our payment provider Computop GmbH to enter your credit card information. To verify your payment, you will be directed to your bank. You can find the https://computop.com/uk/data-protection
This is to carry out the customer authentication according to the directive EU 2015/2366. The legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the corresponding provisions of the directive. You will receive an order confirmation from us only after you have confirmed the payment with your bank. Upon confirmation of your payment, a reservation will be made on your credit card. Your data is stored as so-called pseudo card numbers. Your credit card will be charged via the pseudo card number after your order has been completed.
9. What further data protection rights am I entitled to?
Under the respective legal requirements, you have the right to information (Article 15 of the GDPR, Section 34 of the Federal Data Protection Act (BDSG) in its version valid from 25th May 2018), to rectification (Article 16 of the GDPR), to deletion (Article 17 of the GDPR, Section 35 of the Federal Data Protection Act (BDSG) in its version valid from 25th May), to restriction of processing (Article 18 of the GDPR) and data transferability (Article 20 of the GDPR). You also have a right of appeal to a data protection supervisory authority (Article 77 of the GDPR, Section 19 of the Federal Data Protection Act (BDSG) in its version valid from 25th May).
10. Do I have a duty to provide data?
In the context of our business relationship, you must provide only the personal data necessary for the establishment, execution and termination of a business relationship. Without this data, we will have to reject the conclusion of the contract or the execution of the order.
11. To what extent is there an automated decision-making process in individual cases?
In principle, we do not use automated decision-making in accordance with Article 22 of the GDPR to establish and implement the business relationship.
12. To what extent is my data used for profiling?
We do not process your data with the aim of evaluating certain personal aspects (so-called ‘profiling’ according to Article 4(4) of the GDPR).
13. What right of objection do I have (Art. 21 GDPR)?
Individual case-related right of objection
You have the right, for reasons arising from your particular situation, to make an appeal against the processing of personal data relating to you at any time, based on Article 6(1)(f) of the GDPR (data processing on the basis of a balancing of interests).
If you submit an opposition, we will no longer process your personal data unless we can prove compelling reasons for the processing or that the processing serves to assert, exercise or defend legal claims.
Right of objection against the processing of data for the purpose of direct marketing
We can also process your data for direct advertising within the scope of legal regulations. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising. If you object to the processing for the purpose of direct advertising, we will no longer process your personal data for these purposes. The objection can be made without any effect. You will find our contact details in Point 1.