Data protection

Data privacy

Protecting your data is very important to us. Therefore, in the following, we would like to inform you of what data we use for which purposes. The “controller” pursuant to the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection laws is:

KANTO SPA GmbH
AlbThermen
Bei den Thermen 2
72574 Bad Urach

Tel: 07125 / 94 36 0
Fax: 07125 / 94 36 30
Email: info-albthermen@kanto.de

 

In addition, KANTO SPA GmbH has appointed an external data protection officer who can be contacted at:
datenschutz@albthermen.de

 

With this data privacy statement, users are informed of the nature, scope, and purpose of the collection and use of their data by the responsible provider.

 

Collection and storage of personal data as well as the nature and purpose of its use

When you access our website, the browser used on your device automatically transmits information to the server for our website. This information is temporarily stored in a “log file.” The following information is automatically collected and stored until deleted on an automated basis:

  • IP address of the computer,
  • date and time of access,
  • name and URL of the file accessed,
  • website linking to the access (referrer URL),
  • browser used and possibly your computer’s operating system as well as the name of your access provider.


The information above is processed by us for the following purposes:

  • ensuring smooth connection establishment to the website,
  • ensuring convenient use of our website,
  • evaluating system security and stability, and
  • other administrative purposes.


The legal basis for processing the data is Art. 6 section 1 sentence 1 lit. f GDPR. Our legitimate interest is based on the data collection purposes above. Under no circumstances do we use the data collected to make inferences about your person.

 

SSL or TLS encryption

For security reasons and to ensure safe transmission of confidential content that you send to us as website operator, our website uses SSL or TLS encryption. This renders data that you transmit via this website unreadable for third parties. You can see that the connection is encrypted through the “https://” address bar in your browser and the lock icon in the browser bar.

 

Data transfer when entering into a contract for the purchase and shipment of goods

Personal data is only transmitted to third parties when necessary to fulfill the terms of the contract. Such third parties include, for example, payment services or logistics companies. Personal data is not shared for any other purpose unless you have given us express permission to do so.

The legal basis for the processing of data is Art. 6 section 1 lit. b GDPR, which permits the processing of personal data when necessary for the performance of a contract or for measures that serve the entering into a contract.

 

Registration on this website

To be able to use certain functions, you can register on our website. The information transferred exclusively serves the purpose of using the respective offer or service. The required fields for registration must be thoroughly completed. We will otherwise deny the registration.

You will be informed by email of important changes, for example for technical reasons. The email will be sent to the address provided at registration.

The processing of data provided at registration is based on your consent (Art. 6 section 1 lit. a GDPR). You may withdraw this consent at any time. To withdraw your consent, it is sufficient to send us an informal email stating your intention to do so. The lawfulness of data processing that has taken place prior to this remains unaffected by the revocation.

We store the data collected at your registration for the period of time during which you are registered on our website. Should you cancel your registration, your data will be deleted. Mandatory data retention periods remain unaffected.

 

Contact form

Data transferred via the contact form, including your contact details, are only stored for the purpose of processing your inquiry or for assisting with follow-up questions. This information is not shared with third parties without your consent.

The information entered in the contact form is exclusively processed on the basis of your consent (Art. 6 section 1 lit. a GDPR). You may withdraw this consent at any time. To withdraw your consent, it is sufficient to send an informal email stating your intention to do so. The lawfulness of data processing that has taken place prior to this remains unaffected by the revocation.

We retain data transferred to us via the contact form until you ask us to delete the data, revoke your consent to storage of the data, or when storing the data is no longer necessary. Mandatory regulations – in particular, retention periods – remain unaffected.

 

Newsletter information

We require an email address from you in order to send you our newsletter. It is not necessary to verify the email address provided and consent to receipt of the newsletter must be given. Additional information is not collected or is voluntary. The information is exclusively used to send the newsletter.

The information provided when subscribing to the newsletter is exclusively processed on the basis of your consent (Art. 6 section 1 lit. a GDPR). You may withdraw your consent at any time. To withdraw your consent, it is sufficient to send us an informal email stating your intention to do so, or you can unsubscribe using the "unsubscribe" link in the newsletter. The lawfulness of data processing that has taken place prior to this remains unaffected by the revocation.

Information provided to set up a subscription is deleted when you unsubscribe. If this information was transmitted to us for other purposes and in a different context, we retain it.

 

CleverReach

We use CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. With this service, we can organize and analyze newsletter mailings. The information you provide to receive the newsletter, e.g. your email address, is stored on the servers of CleverReach. Server sites are in Germany or Ireland.

Using CleverReach newsletter mailings allows us to analyze the behavior of newsletter recipients. The analysis shows, for example, how many recipients opened their newsletters, and how frequently they clicked on links in the newsletter. CleverReach supports conversion tracking in order to analyze whether a previously defined action, for example a product purchase, takes place after a click on a link. You can find more details about data analysis by CleverReach at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data is processed on the basis of your consent (Art. 6 section 1 lit. a GDPR). You may withdraw this consent at any time. To withdraw your consent, it is sufficient for you to send an informal email stating your intention to do so, or you can unsubscribe using the "unsubscribe" link in the newsletter. The lawfulness of data processing that has taken place prior to this remains unaffected by the revocation.

If you do not wish an analysis by CleverReach then you must unsubscribe from the newsletter. To unsubscribe, just send an informal email stating your intention to do so or use the "unsubscribe" link in the newsletter.

Information provided to set up a subscription is deleted from our servers and the servers of CleverReach when you unsubscribe. If this information was transmitted to us for other purposes and in a different context, we retain it.

You can find more details on CleverReach data privacy policy at: https://www.cleverreach.com/de/datenschutz/.

Order processing

To thoroughly fulfill data protection laws, we have concluded a contract for order processing with Clever Reach.

 

Cookies

Our website uses cookies. These are small text files that your web browser stores on your computer. Cookies help us to make our content more user-friendly, effective, and safer.

Some cookies are "session cookies." These cookies are automatically deleted after your browser session. Other cookies remain on your computer until you delete them yourself. These cookies help us to recognize you when you return to our website.

With a modern web browser, you can monitor, limit or disable cookies. Many web browsers can be configured to automatically delete cookies when the program is closed. Deactivating cookies can result in a loss of functionality of our website.

Cookies that are necessary for performing electronic communication processes or for providing specific functions desired by you (e.g. shopping cart) are set in accordance with Art. 6 section 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in storing cookies in order to provide technically error-free and smooth services. If other cookies are set (e.g. for analysis functions), these will be regulated separately in this data privacy statement.

 

Google Analytics

Our website uses functions of the web analysis service Google Analytics. Provider of the web analysis service is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses "cookies." These are small text files that your web browser stores on your computer and that allow an analysis of use of the website. Information generated by cookies regarding your use of our website are sent to a Google server and stored there. The server is normally located in the USA.

Google Analytics cookies are set in accordance with Art. 6 section 1 lit. f GDPR. As the operator of this website, we have a legitimate interest in the analysis of user behavior in order to optimize our web services and possibly advertising as well.

IP anonymization

We use Google Analytics in connection with the IP anonymization function. This guarantees that Google shortens your IP address within Member States of the European Union or in other parties to the Agreement on the European Economic Area before it is sent to the USA. In exceptional cases, Google transfers the full IP address to a server in the USA and abbreviates it there. On our behalf, Google will use this information to evaluate your use of the website, to create reports on website activity, and to provide further services relating to use of the website and Internet usage for us. The IP address transmitted by Google Analytics is not combined with other data held by Google.

Browser plug-in

You can prevent cookie settings on your web browser. This may, however, limit some of the functions of our website. You can also prohibit the collection of data relating to your website use, including your IP address, and subsequent processing by Google. To do this, you can download and install the browser plug-in at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie is set that prevents your data from being collected during future visits: Deactivate Google Analytics.

You can learn more about the processing of user data at Google Analytics in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order processing

To thoroughly fulfill data protection laws, we have concluded a contract with Google for order processing.

Demographic characteristics with Google Analytics

Our website uses the Google Analytics function "demographics." This can be used to create reports regarding the age, gender, and interests of site visitors. This information is derived from interest-related advertisements of Google and visitor data of third-party providers. The data cannot be assigned to a specific person. You can deactivate this function at any time. This can be done using the advertisement settings in your Google account or you can generally prohibit the collection of your data by Google Analytics following the measures explained in the section "Objection to data collection."

 

PayPal

Our website allows payment via PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg.

When you pay with PayPal, the payment information you enter is transmitted to PayPal.

Your data is transmitted to PayPal in accordance with Art. 6 section 1 lit. a GDPR (consent) and Art. 6 section 1 lit. b GDPR (processing necessary to perform a contract). You may withdraw your consent at any time. In the case of a revocation, data processing that has taken place prior to this remains effective.

 

Direct bank transfer with "Sofortüberweisung"

Our website allows payment using "Sofortüberweisung." Provider of the payment service is Sofort GmbH, Theresienhöhe 12, 80339 Munich.

Using "Sofortüberweisung," we receive a payment confirmation from Sofort GmbH in real time and can immediately begin to fulfill our obligations.

When you use the "Sofortüberweisung" payment service, your PIN and TAN are transferred to Sofort GmbH. The payment service provider uses them to log in to your online banking account; it automatically checks your account balance and performs the transfer. A transaction confirmation follows immediately. Your credits and debits, the credit line for overdrafts, and the existence of other accounts and their balances are also automatically assessed after login.

In addition to PIN and TAN, payment information and information relating to your person is transferred to Sofort GmbH. Your personal information includes first and last name, address, telephone number, email address, IP address, and possibly other information that is necessary for processing the payment. It is necessary to transfer this information in order to establish your identity beyond doubt and to prevent attempted fraud. Your information is transferred to Sofort GmbH in accordance with Art. 6 section 1 lit. a GDPR (consent) and Art. 6 section 1 lit. b GDPR (processing to perform a contract). You may withdraw your consent at any time. In the case of a revocation, data processing that has taken place prior to this remains effective.

For more details on payment using "Sofortüberweisung," please refer to: https://www.sofort.de/datenschutz.html and https://www.klarna.com/sofort/.

 

Data subject rights

You have the right:

  • in accordance with Art. 15 GDPR to obtain information regarding data relating to your person that we have processed. In particular, you may request information regarding the purposes of processing, the category of personal data concerned, the categories of recipients to whom your data has or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data, or restriction of processing of personal data, or to object to such processing, the existence of the right to lodge a complaint, to inquire about the source of your personal data if it was not collected by us, and to receive meaningful information regarding details of the existence of automated decision making including profiling;
  • in accordance with Art. 16 GDPR to request without undue delay the rectification of inaccurate or incomplete personal data of yours stored by us;
  • in accordance with Art. 17 GDPR to request the erasure of personal data concerning you that we have stored, provided the processing of this data is not necessary for reasons of exercising the right of freedom of expression and information, compliance with a legal obligation, public interest, or the establishment, exercise or defense of legal claims;
  • in accordance with Art. 18 GDPR to request the restriction of the processing of your personal data provided the accuracy of the personal data is being contested by you, the processing is unlawful however you oppose the erasure of the personal data, we no longer need the data but it is required by you for the establishment, exercise, or defense of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR;
  • in accordance with Art. 20 GDPR to receive personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request that the data be transmitted to another controller;
  • in accordance with Art. 7 section 3 GDPR to withdraw the consent you have given us at any time. This has the result that, in future, we may not continue data processing that was based on your consent, and
  • in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. Normally, you can refer to the supervisory authority at your habitual residence or place of work for this.

 

Right to object

Provided your personal data is being processed on legitimate grounds in accordance with Art. 6 section 1 sentence 1 lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data provided this is on grounds relating to your particular situation or the objection concerns direct marketing. In the latter case, you have a general right to object that will be implemented by us without your stating a particular situation.

If you would like to withdraw your consent or lodge an objection, it is sufficient to send an email to: info-albthermen@kanto.de.

 

Segments from: Data protection configurator from mein-datenschutzbeauftragter.de