We are pleased
that you are visiting our website. The protection and security of your
personal information when using our website is very important to us. We
would therefore like to inform you at this point which of your personal
data we collect when you visit our website and for what purposes it is
This data protection declaration applies to the website of medimentumHealthFood, which can be reached under the domain www.medimentumhealthfood.store as well as the various subdomains („unsere Website“).
Who is responsible and how do I contact you?
for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)
PO box 420231
Tel.: +49 (0)30 6650 8230
Data protection officer
Dr. Joachim Sproß
What is this about?
This data protection declaration meets the legal requirements for transparency in the processing of personal data. This is all information that relates to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your e‑mail address, your IP address or user behavior when visiting a website. Information with which we cannot (or only with disproportionate effort) relate to you personally, e.g. through anonymization, are not personal data. The processing of personal data (e.g. the collection, querying, use, storage or transmission) always requires a legal basis and a defined purpose.
Stored personal data are deleted as soon as the purpose of the Processing has been achieved and there are no legitimate reasons for further retention of the data. We will inform you about the specific storage periods and criteria for storage in the individual processing operations. Regardless of this, we store your personal data in individual cases to assert, exercise or defend legal claims and if there are statutory retention requirements.
Who gets my data?
We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfillment of the purposes and in individual cases is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients can then e.g. Law enforcement authorities, lawyers, auditors, courts, etc.
Insofar as we use service providers for the operation of our website who, as part of order processing on our behalf, provide personal data in accordance with. Process Art. 28 GDPR, these recipients of your personal data can be. You can find more detailed information on the use of processors and web services in the overview of the individual processing operations.
What rights do I have?
Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you as a data subject have the following rights:
- Information in accordance with Art. 15 GDPR about the data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
- Correction in accordance with Art. 16 GDPR of inaccurate or incomplete data stored by us;
- Deletion in accordance with Art. 17 GDPR of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- Restriction of the processing in accordance with Art. 18 GDPR, insofar as the correctness of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to delete it, because you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.
- Data portability in accordance with Art. 20 GDPR, insofar as you have provided us with personal data within the framework of consent pursuant to Art. 6 sec. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 sec. 1 lit.b GDPR and these were processed by us by means of automated procedures. You receive your data in a structured, common and machine-readable format or we transmit the data directly to another responsible person, as far as this is technically feasible.
- In accordance with Art. 21 GDPR, you object to the processing of your personal data, insofar as they are carried out on the basis of Art. 6 sec. 1 lit. e, f GDPR and there are reasons for doing so, which arise from your particular situation or if the objection is directed against direct marketing. The right to object does not exist if overriding, overriding reasons for processing are proven or if the processing is carried out for the assertion, exercise or defence of legal claims. Insofar as there is no right to object in individual processing operations, this is indicated therein.
- Revocation in accordance with Art. 7 sec. 3 GDPR of your given consent with effect for the future.
- Complaint under Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.
How will my data be processed in detail?
In the following we will inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.
Provision of the website
Type and scope of processing
When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf for the purpose of Art. 28 DSGVO.
Purpose and legal basis
The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of the Art. 6 para. Lit. f GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception according to Art. 21 Paragraph 1 GDPR. Insofar as the further storage of the log files is required by law, the processing takes place on the basis of Art. 6 Para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is technically not possible to call up our website without providing the data.
The aforementioned data are used for the duration of the display of the website [and for technical reasons beyond that for a maximum of [7 days]].
Type an scope of processing
On our website, we
offer you the option of contacting us using a form provided. The
information that is collected via mandatory fields is required to
process the request. In addition, you can voluntarily provide additional
information that you believe is necessary to process the contact
When using the contact form, your personal data will not be passed on to third parties.
Purpose and legal basis
The processing of your data by using our contact form takes place for the purpose of communication and processing of your request on the basis of your consent in accordance with. Art. 6 para. 1 lit. a GDPR. If your request relates to an existing contractual relationship with us, processing for the purpose of fulfilling the contract is based on Art. 6 Para. 1 lit. b GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your request without providing the information in the mandatory fields. If you do not want to provide this data, please contact us by other means.
If you use the contact form on the basis of your consent, we will store
the data collected for each inquiry for a period of three years,
starting with the completion of your inquiry or until you revoke your
If you use the contact form as part of a contractual relationship, we will store the data collected for each inquiry for a period of three years from the end of the contractual relationship.
Registration of a customer account
As part of the order processing, we collect your personal data to
register a customer account. You can choose whether you want to order as
a guest or register a permanent user account. The information that is
collected during registration via the mandatory fields is identical in
both cases and is required to process the order in the online shop. When
registering a permanent user account, we also collect a password that
you specify yourself. In addition, you can voluntarily provide
additional information that you deem necessary to process the order.
A transfer of your personal data to third parties (e.g. shipping service provider / freight forwarder) and processors in accordance with Art. 28 GDPR only if this is necessary for the processing of the order.
We process your personal data for the purpose of registering a customer account to fulfill a contract with you in accordance with Article 6 (1) (b) GDPR. There is a contractual obligation to provide your data insofar as it relates to the mandatory fields, since this information is necessary for us to identify you and to fulfill the contract. There is no legal obligation to provide the data. Without the provision of this information, the order in our online shop and thus the conclusion of a contract is not possible. There is no obligation to provide the additional information provided voluntarily. It is also possible to place an order in our online shop without disclosing any voluntary information.
The additional processing of your password for the registration of the permanent user account takes place for the purpose of providing a customer account and to display your previous purchases as well as to save your purchase-related data (e.g. saving of billing address, different delivery addresses) on the basis of your consent in accordance with Article 6 Paragraph 1 lit. a GDPR. By deleting your customer account, you can declare your revocation at any time with effect for the future in accordance with Article 7 (3) GDPR.
If you order as a guest, we store your personal data until your order has been processed in full (end of contract). When registering a permanent customer account, we store the purchase-related data beyond the end of the contract until you revoke your consent (deletion of the customer account). In both cases, your data will only be stored further if there are statutory storage requirements (e.g. tax and commercial law).
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow
Street, Dublin 4, Ireland, as a service to provide fonts for our online
offering. To obtain these fonts, connect to Google Ireland Limited
servers, which will transmit your IP address.
Google Fonts are used on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a. GDPR.
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. You can find further information in the data protection notice for Google Fonts: https://policies.google.com/privacy.