Data protection

Information how we use your data

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider and the like. This is only information that does not allow any conclusions to be drawn about your person. This information is technically necessary for the correct delivery of content requested by you from websites and is mandatory when using the Internet. Anonymous information of this kind is statistically evaluated by us in order to optimize our Internet presence and the technology behind it.

General information on data protection

 

Below you will find the data protection information for the https://www.biohealth-int.com/ website. Responsible body for data processing via the named website is:

 

BHI – Biohealth International GmbH (hereinafter referred to as BHI)

Managing Director: Stefan Gebhardt

Heinrich-Wirth-Str. 13

95213 Münchberg

Germany

E-mail: info@biohealth-int.com

 

For the assertion of rights within the framework of data protection or for questions regarding the use, collection or processing of your personal data, please contact our data protection officer:

 

SBS Data Protect GmbH

Rep. Thilo Noack

Hans-Henny-Jahnn Way 49

22085 Hamburg

Germany

E-mail: noack@sbs-data.de

 

Legal basis for the collection of personal data

 

The automatic collection and processing of personal data by the https://www.biohealth-int.com website can be based on various legal bases.

 

  1. Art. 6 para. 1 lit. a) DSGVO – Consent
  2. Art. 6 para. 1 lit. b) DSGVO – Contract
  3. Art. 6 para. 1 lit. f) DSGVO – Balancing of interests

 

Data collection based on Art. 6 Para. 1 S.1 lit. f DSGVO

 

The following types of data are collected on the basis of legitimate interests:

IP address: Your IP address is shortened and cannot identify you directly.

Date and Time: We store the date and time of client requests sent to our server.

Time Zone Difference to Greenwich Mean Time (GMT): We use this information to determine your geographic location so we can track an attack.

Page content (requirements): We check the requirements you place on the requested page and the length of time it will remain on a page.

Access status/HTTP status code: We store and check (write) accesses to our systems.

Data volume: We check the amount of data transferred in each case.

Referrer links: We analyze websites that have led you to us.

Browser and device information: We store your browser version and the information of the device you use to visit our site.

Error log We store failed logon attempts to detect access by brute force attacks.

Further information is processed if there is reason to suspect an attack:

  • sessions
  • hits
  • files
  • Item URL
  • client domains
  • Browser review and logging of write accesses

This data is stored in log files (log files and/or error files). They are used for the safety analysis of our website. We evaluate this data in order to regularly optimize the security of our website. The data is automatically collected when you visit https://www. biohealth-int.com and stored.

The data is deleted after an evaluation. Usually after 60 days if no safety incidents are known. The legal basis is Art. 6 (1) sentence 1 lit. f DSGVO. We have a legitimate interest in processing this data for IT security reasons in order to comply with our obligations under Art. 32 DSGVO.

 

Groups of persons affected

 

Our website is aimed at all customers, employees, service providers, partners, applicants and other interested parties. We provide these groups of people with information about our contract manufacturing. BHI – Biohealth International GmbH is a contract manufacturer for food supplements, dietary foods and powder mixtures. To this end, we optimize the production processes for everything from product development to shipping.

 

Security and protection of your personal data

 

The collection, storage, modification, transmission, blocking, deletion and use of your personal data is carried out on the basis of the applicable legal provisions, in particular the Data Protection Ordinance (DSGVO).

We have taken technical and organisational measures to ensure that the data protection regulations are observed both by us and by our external service providers.

 

storage period

 

We store your personal data for as long as it is necessary to achieve the respective purpose of processing or as long as the storage is subject to a statutory retention period.

Data that we process on the basis of your given consent will be stored until you revoke your consent.

Data which we process for the execution of a contract with you will be stored for as long as the contractual relationship exists and, if applicable, beyond that, if statutory retention periods oblige us to do so.

We store data that we process on the basis of our legitimate interests as long as your interest in deleting the data does not predominate.

 

Use of cookies

 

In addition to the aforementioned data, cookies are stored on your computer when you use our website.

Through the use of cookies it is possible to send back personal information from your terminal to our web server and to process it. Processing can be carried out by the BHI. Other vendors that we use to analyze browser and visitor information may view this information. We use this information to make the site more useful to you and to provide you with a more user-friendly experience on our site. Cookies contribute to the fact that our website is constantly improved in content and visually.

You also have the possibility to use our website without cookies. Please note that known Internet browsers such as Google Chrome, Mozilla Firefox and Microsoft Edge have settings where you can manage cookies. You can deactivate stored cookies or delete them from your browser. Each browser type has a help function where you can find a description of how cookies are managed in the browser. We would like to point out that the deactivation or deletion of some cookies can lead to display and function problems.

We distinguish four types of cookie:

  1. Unconditionally required cookies (type a)
  2. Functional and Performance Cookies (Type b)
  3. Cookies requiring consent (type c)
  4. Administration and deletion of all cookies

 

Unconditionally required cookies (type a)

 

Cookies that are absolutely necessary guarantee functions without which you cannot use our web pages as intended. These cookies are used exclusively by us and are therefore first party cookies. This means that all information stored in the cookies is returned to our website. The use of absolutely necessary cookies on our website is possible without your consent. You can manage cookies in your browser settings at any time.

 

Functional and Performance Cookies (Type b)

 

For this purpose we use functional cookies in order to analyse the visitor behaviour on our website. These cookies help us, for example, to determine whether and which subpages of our website are visited and in which content users are particularly interested. In particular, we record the number of visits to a page, the number of sub-pages viewed, the time spent on our website, the order of pages visited, which search terms have led you to us, the country, region and, if applicable, city from which access is made, as well as the proportion of mobile devices that access our websites. As a result, we can tailor the content of our website more specifically to the needs of our users and optimize our offerings. The IP address of your computer transmitted for technical reasons is automatically anonymised and does not allow us to draw any conclusions about the individual user. You can object to the use of functional and performance cookies at any time by adjusting your cookie settings accordingly.

Legal basis: Art. 6 (1) f DSGVO

 

Cookies requiring consent (type c)

 

Marketing cookies originate from external advertising companies (third party cookies) and are used to collect information about the websites visited by the user in order to create target group-oriented advertising for the user.

You may also manage cookies used for online advertising through tools developed in many countries as part of self-regulatory programmes, such as the US-based https://www.aboutads.info/choices/ or the EU-based http://www.youronlinechoices.com/uk/your-ad-choices .

In addition, you can set your Internet browser so that the storage of cookies is generally prevented on your terminal device or you are asked each time whether you agree to the setting of cookies. Once cookies have been set, you can also delete them at any time. How all this works in detail can be found in the help function of your browser.

 

Use of social media plug-ins

We currently use social media plug-ins to communicate with target groups. By calling up a page, visitor and browser data are transmitted to the respective plug-in provider. We would like to point out that we can only give information on personal data to those affected within our scope. In this context, there is a joint responsibility for the processing of your data in accordance with Art. 26 DSGVO with the BHI and the respective plug-in providers.

 

Google Maps

 

On our website the functions of Google Maps are integrated. This enables us to display interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. Google stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website in line with requirements. Such evaluation is carried out in particular (even for users who are not logged in) in order to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. They have the right to object to the creation of these user profiles and must contact Google to exercise this right.

Information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy .

Google also processes your personal data in the United States and has adopted the EU-US Privacy Shield,https://www.privacyshield.gov/EU-US-Framework .

This data processing is carried out on the basis of Art. 6 Para. 1 S.1 lit. f DSGVO in order to safeguard the legitimate interests of BHI, namely the optimisation of our offer.

For more information about data processing by Google, please refer to the Google Privacy Notice. We have concluded a contract with Google Maps for joint responsibility (Art. 26 DSGVO). You can read this in the data protection centre and also change your personal data protection settings.

Recipient / Transmission

When you visit our website, Google receives information about the fact that you have accessed the corresponding subpage of our website. This is done regardless of whether or not you have a Google Account as a visitor.

storage period

We do not collect any personal data through the integration of Google Maps. Google may store and process your data for other purposes. This may result in different retention periods.

 

Embedded YouTube videos

 

Nature and purpose of the processing

On some of our websites we embed YouTube videos. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter “YouTube”).

BHI uses a two-click solution, where a called URL with an embedded Youtube video does not yet transmit any data to YouTube. The transmission of your personal data to the YouTube servers only takes place when the website visitor has clicked on the video.

This will tell YouTube which pages you are visiting when you are logged into your YouTube account.

Further information on the purpose and scope of data collection and processing by YouTube can be found in the provider’s privacy policy, where you will also find further information on your rights in this regard and setting options to protect your privacy (https://policies.google.com/privacy). Google processes your data in the USA and has submitted to the EU-US Privacy Shield www.privacyshield.gov/EU-US-Framework.

 

legal basis

 

The legal basis for the integration of YouTube and the associated data transfer to Google is Art. 6 para. 1 sentence 1 lit. f DSGVO for marketing purposes and thus also for reaching selected target groups. In addition, YouTube videos are used to present our company to the outside world in a more customer-friendly way.

 

transmittal

 

Calling YouTube automatically triggers a connection to Google.

 

storage period

 

If you have deactivated the saving of cookies for the Google Ad program, you will not have to reckon with such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in the browser.

Further information on data protection at “YouTube” can be found in the provider’s data protection declaration at:https://www.google.de/intl/de/policies/privacy/

 

third country transfer

 

Google processes your data in the USA and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

 

Use of our social media pages

 

Facebook fan page

 

BHI uses the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland (hereinafter referred to as Facebook) for the information service offered here. The website also contains a link to BHI’s Facebook fan page.

In the opinion of the ECJ, there is a joint responsibility within the meaning of Art. 26 DSGVO between Facebook and the operator of a Facebook fan page for the personal data processed via the Facebook fan page. Facebook and BHI have therefore entered into a joint responsibility agreement.

BHI provides you with the following information about data processing on our Facebook fan page:

Responsible persons

The processing of your personal data on the Facebook fan page of BHI takes place in joint responsibility with:

Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland

 

data processing

 

When accessing a Facebook fan page, the IP address of your end device is transmitted to Facebook. According to Facebook, this IP address is anonymized and deleted after 90 days, at least if it is a German IP address. In addition, Facebook stores further information about the end devices of its users, e.g. the Internet browser used. This may enable Facebook to assign IP addresses to individual users. If you are logged into your Facebook account while visiting our fan page, a cookie containing your Facebook identifier will be stored on your device. This cookie allows Facebook to track your visit to our fan page and how you used it. Facebook uses this information to provide you with customized content or advertising.

If you do not want this, you should log out of your Facebook account or deactivate the “Stay logged in” function. We also recommend that you delete cookies from your device and exit and restart your browser. This process deletes Facebook information that allows Facebook to link to you.

However, if you want to use the interactive features of our fan page, you will need to re-register with Facebook using your Facebook credentials. This also makes it possible for Facebook to link to you again.

In what way Facebook uses the data from visits to Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties, is not conclusively and clearly named by Facebook and is not known to us. As a user of our fan page, we can only refer you to Facebook’s comments on data protection.

The data collected about you in this context is processed by Facebook and may be transferred to countries outside the European Union.

Facebook describes in general terms what information it receives and how it is used in its data use guidelines. There you will also find information on how to contact Facebook and how to set up advertisements. The data usage guidelines are available at the following link: http://de-de.facebook.com/about/privacy

The complete Facebook data guidelines can be found here:

https://de-de.facebook.com/full_data_use_policy

Facebook’s privacy policy contains further information on data processing:

https://www.facebook.com/about/privacy/

Possibilities for opposition (so-called opt-out) can be set here: https://www.facebook.com/settings?tab=ads  and here http://www.youronlinechoices.com

Facebook Inc., the US parent company of Facebook Ireland Ltd., is certified under the EU-U.S. Privacy Shield and thus undertakes to comply with the requirements of European data protection law. For more information about Facebook’s Privacy Shield status, please visit https://www.privacyshield.gov/participant?id=a2zt0000000GnywAACtatus=Active

The transfer and further processing of personal data of users in third countries, such as the USA, as well as the associated possible risks for you as a user cannot be assessed by us as the operator of the Facebook fan page.

 

Insights Function

 

Facebook also provides a series of statistical data for BHI as a fan page operator as part of the so-called “Insights” function. These statistics are generated and provided by Facebook. As the operator of the fanpage, we have no influence on the creation, in particular we cannot prevent this function. As part of the “Insights” function, the following information is displayed to us for the categories “Fans”, “Subscribers”, “Persons Reached” and “Interacting Persons” for a selectable period of time:

Page activities such as page views, page previews, actions on the page; reach activities such as “Like” information, people reached and recommendations, post activities such as post interactions, video views, comments, shared content.

We also receive statistical information about the Facebook groups associated with our fan page. In accordance with the Facebook Terms of Use, which each user has agreed to when creating a Facebook profile, we may also identify subscribers and fans of the site and view their profiles and other shared information from them.

More information about this can be found on Facebook at the following link:

http://de-de.facebook.com/help/pages/insights

BHI uses these data, available in aggregated form, to make contributions and activities on the fan page more attractive to users, e.g. for planning the content and timing of contributions. The legal basis for this data processing is Art. 6 Para. 1 S. 1 lit. f DSGVO, namely our legitimate interest in optimising our offer.

 

storage period

 

We do not store information provided by Facebook for longer than your interest in deletion or anonymization outweighs.

If you no longer wish to have the data processing described here processed in the future, please cancel the connection of your user profile to our fan page by using the functions “I no longer like this page” and/or “No longer subscribe to this page”.

 

Your rights as a data subject Person

 

We encourage you to contact Facebook directly with any requests for information or other questions regarding your rights listed at the end of this Privacy Statement, as only Facebook has full access to user information. Should you nevertheless send your request to us, it will of course still be processed and additionally forwarded to Facebook.

 

Twitter

 

We operate a Twitter account. The features on this page are provided by Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When you access our pages with Twitter plug-ins, a connection is established between your browser and the Twitter servers. Data is already transferred to Twitter. If you have a Twitter account, this data can be linked to it. Interactions, especially clicking a “Re-Tweet” button, are also forwarded to Twitter. You can find out more at: https://twitter.com/privacy . BHI and Twitter are jointly responsible for the collection and processing of personal data pursuant to Art. 26 DSGVO.

 

Enquiries via contact forms and e-mail

 

If you contact us by e-mail, the information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions.

The data provided by you, such as first name, last name, company, e-mail address, telephone number, function, country and any personal information, will be stored by us in order to answer your questions.

Please note that each information is voluntary. You can also contact us in another way. The person concerned is free to decide which data is transmitted to us. This data can contain the following information, for example:

  • Personal Information
  • Information on the social and professional situation
  • Information for the financial situation
  • Information on the state of health
  • Information about personal interests and preferences

We will delete the data that arises in this context after the storage is no longer necessary, e.g. when your request has been dealt with. Otherwise, processing will be restricted if there are legal storage obligations. Art. 6 para. 1 sentence 1 lit. a, b and f DSGVO serve as the legal basis.

 

Newsletter

 

Our newsletter from BHI contains news, offers and further information about our services for interested parties and customers. You do not have to subscribe to our newsletter. We do not collect any personalized information for the creation of our newsletters. There is no electronic dispatch to interested parties. All newsletters are public and can be accessed on our website.

 

Collection of personal data during contract conclusion and payment

 

In the case of contractual relationships, the legal basis is the contract from Article 6 DSGVO, which we have concluded with you. Art. 6 para. 1 sentence 1 lit. b DSGVO is the legal basis for the processing of such requests. If you wish to make an enquiry via our website, it may be necessary for you to enter your personal data for the conclusion of the contract, which we require for the processing of your enquiry.

In the context of an order we store the following personal data:

– Name,

– Address,

– Phone number,

– E-mail address,

– Possibly a different delivery address,

– Possibly an existing sales tax ID number

– Payment details.

We use these data exclusively for the purpose of the execution of the contract and the necessary communication with you. This includes the initiation, conclusion, processing, warranty and, if applicable, rescission of the purchase contract. The data are stored by us up to the complete execution of the sales contract. Insofar as commercial and tax retention periods exist, the storage period can be up to 10 years.

The collection and processing takes place within the framework of the contract concluded between BHI and the customer pursuant to Art. 6 Para. 1 S. 1 lit. b DSGVO. The legal basis for further storage for tax and commercial law reasons is the necessity according to the law pursuant to Art. 6 Para. 1 S. 1 lit. c DSGVO. The partial evaluation of contract data for controlling purposes is in the legitimate interest of BHI to be able to optimally place our company on the market in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO.

 

application process

 

BHI collects and processes personal data of applicants as part of the contract initiation process. Applicant data can be sent by post or e-mail. Applicant data will only be stored and processed in accordance with legal data protection requirements.

Access to application documents is restricted to the employees involved in the process. Other persons may not inspect application documents. After an unsuccessful application, the application documents will be deleted or returned to the applicant. However, BHI may keep the documents for a certain period of time in order to defend itself against any violation of the prohibition of discrimination under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG) pursuant to § 15 (4) AGG. Therefore, if the application is rejected, the application documents will be returned to the applicant or destroyed after 2-3 months from receipt of the rejection. The letter of application, which often contains sensitive information, is also part of the application file. If the application is successful, the application documents will be kept in the personal file.

The legal basis for processing this data is §26 BDSG i.V.m. Art. 6 para. 1 sentence 1 lit. b) DSGVO.

 

data transfers

 

We only pass on your personal data to third parties insofar as this is necessary for the execution of the contract or to safeguard our legitimate interests. We also make use of external service providers (contract processors) for the execution of the contract. Separate contract data processing agreements have been concluded with the service providers in order to ensure the protection of your personal data.

  1. a) For the purpose of the so-called hosting of our server systems as well as the technical administration of the IT systems required for hosting, data of the website visitors, customers or other interested parties of our offer can be processed by our external service company. These are log files. The data categories can be found in the section “Data collections based on Art. 6 para. 1 sentence 1 lit. f DSGVO” above.
  2. b) To process orders, the customer’s first name, surname, address, e-mail address, telephone number and payment details are forwarded to our external processing service provider.
  3. c) To carry out the delivery, the first name, surname, address, e-mail address and telephone number of the customer are forwarded to external shipping companies to carry out the delivery.
  4. d) For payment processing, the customer’s payment data, namely first name, surname, address, e-mail address, telephone number, date of birth, IBAN, BIC and IP address are forwarded to credit institutions or payment intermediaries, depending on which payment method you have chosen.
  5. e) In order to process our accounting, we pass on personal data, namely first name, surname, address, e-mail address and telephone number, to our external accounting service provider in connection with customer orders.

The data transfer to the service providers mentioned under 9 a) – e) is carried out to carry out the contractual relationship with you as the customer, as well as to protect our legitimate interests. The legal basis for these data processing operations is Art. 6 para. 1 sentence 1 lit. b and lit. f DSGVO.

 

Revocation of consent

 

If the processing of personal data is based on a given consent, you have the right to revoke the consent at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.

You can contact us at any time to exercise your right of revocation.

 

Your rights as a data subject

 

You have the right to receive information about your personal data stored by us at any time. You also have the right to correction, blocking or, apart from the prescribed data storage for business transactions, deletion of your personal data and data transmission. Please contact one of our contact persons. You will find the contact details at the bottom of this page.

In order for a block of data to be taken into account at any time, this data must be kept in a block file for control purposes. You can also request the deletion of the data, unless there is a legal archiving obligation. As far as such an obligation exists, we block your data on request.

You can change or revoke your consent by notifying us accordingly with effect for the future.

Notwithstanding any rights you may have against us, you also have the right to complain to any regulatory authority, including but not limited to the Member State in which you reside, your place of work or the location of the alleged infringement, if you believe that the processing of your personal data is in breach of the DSGVO.

The supervisory authority to which the complaint was submitted will inform you of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.

A list of all supervisory authorities can be found here:https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

We hope that this information has helped you to exercise your rights. If you would like more information on the data protection regulations, we are at your disposal.

 

Changes to our privacy policy

 

We reserve the right to occasionally adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. Your renewed visit will then be subject to the new data protection declaration.

 

Questions about data protection

 

If you have any questions regarding data protection, please send us an e-mail or contact us in writing.

 

Privacy policy status: 13.11.2019