Privacy Policy

Privacy Notice – YOGI TEA GmbH

As of May 3rd 2018

The following Privacy Notice applies to the website of YOGI TEA GmbH.

A. Privacy Notice

 

1. Who are we and what do we do?

We, YOGI TEA GmbH, Burchardstraße 24, D-20095 Hamburg, telephone: +49 (0)40 – 42 30 11-0, e-mail: info.eu@yogiproducts.com are responsible within the meaning of the laws on data protection for processing data in connection with this Privacy Notice (hereafter also referred to as “YOGI TEA”, “we” or “us”).

For more than 40 years YOGI TEA has been synonymous with delicious herbal and spice teas based on unique Ayurveda tea recipes whose roots go back to the 3,000-year-old Indian philosophy of Ayurveda.

2. How can you contact our data protection officer?

Should you have any questions on this Privacy Notice or generally on the processing of your data by YOGI TEA, please refer to our data protection officer:

GWS GmbH (managing director: Tabea Knabe), can be contacted through dataprotection.eu@yogiproducts.com

3. Which personal data do we process?

Personal data means “any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Article 4 no. 1 of the General Data Protection Regulation). Personal data includes for example name, e-mail address, address and date of birth.

When we process personal data, that means that we, for example, record, store, use, transmit to others or delete this data.

Registration data: We process firstly all data from you that you send us in connection with your registration to the Yogi Tea media data bank under https://www.yogitea.com/en/medialibrary/. These are the personal data that are necessary in order to justify and fulfil registration (e.g. name, company, e-mail address).

Competitions: We first process all your data that you send us in connection with participation in competitions. These are the personal data required in order to carry out the competition (e.g. name, company, e-mail address).

Data on online behaviour and preferences: We also process data such as IP addresses and information on visits to our website.

Customer complaints and compensation products: We process data from you that you send us in connection with a complaint. These are the personal data that are necessary in order to conduct and handle complaints as well as for the shipment of compensation products (e.g. name, e-mail address, address).

4. For which purposes and on which legal basis do we process your personal data?

We process your data for the following purposes and on the basis of the legal principles stated:

  • Orders for services in the media data bank, such as pictures of all the products in our range in various data formats as well as brochures and sales documents for downloading.
    Legal basis: fulfilment of a contract
  • Provision of services as part of competitions such as notification of prizes, their processing and dispatch.
    Legal basis: fulfilment of a contract
  • Orders for services with respect to customer complaints as well as compensation products, handling and shipment
    Legal basis: legitimate interest (we have a legitimate interest in processing the data should our customers contact us in this respect as well as for the handling of such complaints)
  • Evaluation of your behaviour as an online user for purposes of market research and in order to improve what we offer (see also section 9 on this respect)
    Legal basis: legitimate interest (we have a legitimate interest in learning how you use our website in order to be able to improve our offer and to adapt this offer to our users)
  • Identification of malfunctions and ensuring the security of the system including the disclosure of and follow up on unauthorised access or attempted access to our Internet server
    Legal basis: fulfilment of our legal obligations in the field of data security as well as weighing of interests (we have a legitimate interest in eliminating malfunctions, ensuring that the system is secure and the disclosure and follow up of unauthorised access attempts and access)
  • Safeguarding and defence of our rights
    Legal basis: legitimate interest (we have a legitimate interest in asserting and defending our rights)

Please note your rights to object when data is processed for purposes of direct marketing or for personal reasons and your right to revoke your consent (see section What rights do you have? and the section Information on your rights to object).

5. Who receives your data and why (data recipients)?

 

5.1 General

As a matter of principle, we only give your data to third parties provided this is necessary in order to fulfil the contract, we or the third party have a legitimate interest in forwarding the data or you have given your consent to the data being forwarded. Should data be forwarded to a third party on the basis of a legitimate interest, this is explained in the Privacy Policy. Furthermore, data may be forwarded to third parties should this be required of us due to provisions of the law or enforceable orders by a public authority or court of law.

5.2 For what reasons do we forward your data to third parties?

We reserve the right to use service providers in recording or processing data. Service providers only receive personal data from us that they require for their specific function. Therefore, your e-mail address may be forwarded to a service provider, for example in order that it can deliver a newsletter you have ordered. Service providers may also be appointed to make server capacity available.

Specifically, the following types of service provider are involved:

  • IT service providers (technical support), Germany
  • Web design service providers, Germany
  • Media purchase service providers, Germany
  • Media purchase service providers, Ireland or USA
  • Business / helpdesk software providers, USA

5.3 When do we forward data to countries that do not belong to the European Economic Area?

We also give data to data processors that have a registered office in non EEA countries (so called third countries).

This refers to data processors in the following countries: USA, Switzerland

In this case, prior to forwarding the data, we ensure either that the recipient has an appropriate level of data protection (e.g. through the recipient’s self certification for the EU-US Privacy Shield in conjunction with the appropriate adequacy decision by the Commission in accordance with article 45 GDPR or in the agreement of so called EU standard contractual clauses of the European Commission with the recipient in accordance with article 46 GDPR) or our users have explicitly given their consent.

You can obtain a summary from us of recipients in third countries and a copy of the specifically agreed rules in order to ensure an adequate level of data protection. Please use the information in the section Contact for this purpose.

6. How long do we store your data and which retention periods apply to this area?

We store your data for as long as this is required in order to provide our online offer and the related services or should we have a legitimate interest in continued storage. In all other cases, we delete your personal data with the exception of such data as we must continue to hold in fulfilment of legal (e.g. tax and commercial law) retention requirements (e.g. invoices). We block data subject to a retention period until the retention period expires.
The following exact retention periods apply:

Registration data: For as long as you are registered with our media data bank and after it has ended [immediate deletion]

Data derived from competitions: As long as the competition is being carried out and processed, and after it has ended for [2 months]

Data relating to online behaviour and preferences: [2 years]

Data relating to complaints of customers: As long as the complaint is being handled by us and after it has been handled for 1 year.

7. What are log files and what do we use them for?

Every time you use the Internet, certain information is automatically transmitted from your Internet browser and stored by us in so called log files.

We store the log files for a period of seven to ten days in order to identify malfunctions and for security reasons (e.g. in order to clarify attempted attacks) and they are then deleted. Log files that are retained longer for purposes of proof are excluded from deletion until the case concerned is finally clarified and may in certain cases be forwarded to the investigating authorities.

The following information in particular is stored in the log files:

  • IP address (Internet protocol address) of the terminal from which the online offer was accessed;
  • Internet address of the website from which the online offer was visited in order to obtain the offer (so called origin or referrer URL);
  • Name of the service provider through which access to the online offer was made;
  • Name of the files or information visited;
  • Date and time as well as the length of the visit;
  • Quantity of data transmitted;
  • Operating system and information on the Internet browser used including add ons installed (e.g. for Flash Player);
  • http-status code (e.g. “Enquiry successful” or “Requested file not found”).

Selected information derived from log-files (not the IP address) is also used in order to analyse the web. 

8. What are cookies and what do we use them for?

 

8.1 How do cookies function?

Cookies are small text files that are sent when a website is visited and stored in the browser. If this website is visited again, the user’s browser returns the contents of the cookie and thus enables the user to be recognised again. Certain cookies are automatically deleted after the end of the browser session (so called session cookies), and others are stored for a specified length of time or stored permanently in the user’s browser and then delete themselves automatically (so called temporary or permanent Cookies).

8.2 What data are stored in the cookies?

As a matter of principle, no personal data are stored in the cookies but only an online identification.

8.3 How can you prevent the storage of cookies or delete them?

You can deactivate the storage of cookies through your browser settings and delete cookies that are already stored in your browser at any time (see Technical advice). Please note however that without cookies this online offer might possibly not function or only function subject to limitations.
Please also note that objections to the creation of user profiles function partly through the use of a so called “opt out cookie”. If you delete all cookies, an objection might not therefore be considered and you will have to submit the objection again.

8.4 What kind of cookies do we use?

Cookies that are absolutely necessary
Certain cookies are required so that we can provide our online offer securely. This category includes for example:

  • Cookies that serve to identify or authenticate our users;
  • Cookies that temporarily store certain user inputs (e.g. contents of a shopping basket or an online form);
  • Cookies that store certain user preferences (e.g. search or language preferences);
  • Cookies that store data in order to ensure the troublefree reproduction of video and audio contents.

Analysis cookies
We use analysis cookies in order to record the behaviour of our users (e.g. subpages visited, search enquiries entered) and to analyse this behaviour statistically.
We specifically use the following cookies:

_ga (Google; HTTP Cookie):
Registers a unique ID to generate statistical data relating to user behaviour (24 months).

_gac_UA-* (Google; HTTP Cookie):
Used by Google AdWords to identify the device (3 months).

_gcl_au (Google; HTTP Cookie):
Used by the campaign manager to highlight the actions of users who visit the website after an ad has been displayed or clicked on (3 months).

_gid (Google; HTTP Cookie):
Registers a unique ID that is used to generate statistical data relating to use of the website by the user (1 day).

_gat_gtag_UA_* (Google; HTTP Cookie):
Is used to throttle the request rate (1 day).

cookieNotice18 (YogiTea; HTTP Cookie):
Controls the display of the cookie banner. Once accepted by the user, the banner disappears (Session end).

 

9. In what form do we operate a web analysis?

 

9.1 What is a web analysis?

We require statistical information on the use of our online facility in order to make it more user friendly, to measure its reach and to be able to operate market research.

We use the following web analysis tools for this purpose. The user profiles created by these tools with the aid of cookies or through the evaluation of log files are not amalgamated with personal data.

The providers of the tools only process data as job processors in accordance with our instructions and not for their own purposes.

The tools either do not use the users’ IP addresses at all or abbreviate them immediately after they have been recorded.

For each tool you will find information on the provider concerned and also how to object to the recording and processing of data by the tool.

It should be noted in the case of tools that work with opt out cookies, that the opt out function is equipment and browser based and only applies to the terminal or browser that is currently used. Should you use several terminals or browsers, you must set the opt out function on each terminal and on each browser used.

Moreover, you can prevent the creation of any user profiles by deactivating the use of cookies in general.

9.2 Google Analytics

Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use Google Analytics with the additional function offered by Google to anonymise IP addresses: according to this function, Google generally abbreviates the IP address within the EU already and only in exceptional cases actually in the USA and in all cases only stores the IP address in abbreviated form.

You can object to the recording and evaluation of your data by this tool by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en. 

 

10. Which social media platforms are we present on?

We are present on several social media platforms. These are individually listed below. Customers, interested parties and/or users can communicate with us via these platforms and inform themselves about our activities and products.

In this context, we draw your attention to the fact that this may result in the processing of user data outside the European Union. This can pose risks to users visiting our social media pages.
In general, social media platforms also utilise user data for the purposes of market research and advertising. User behaviour is utilised for personalised advertising, for example. This takes account of the user’s interests. In order to achieve this, cookies are stored on the user’s device that allow conclusions to be drawn regarding user behaviour and the user’s interests.
We process personal data on social media platforms on the basis of a legitimate interest pursuant to point (f) of Art. 6 (1) GDPR. Our aim is to ensure effective communication with users and to inform you of our activities and products. Where consent to data processing is required, such processing is carried out pursuant to point (f) of Art. 6 (1) and Art. 7 GDPR.
We are unable to track all processing procedures on the social media platforms. You should therefore address any requests for information to the respective operator of the individual social networks. Only the operator has access to the user data and is thereby able to provide information or take the requisite measures in the event that you wish to assert your user rights. If you have any questions regarding data protection, however, you can also address these to us or our data protection officer.
For additional details and/or options for revoking your consent, we refer you to the individual sites:

10.1 Facebook

The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified in line with the EU-US Privacy Shield.
You can find Facebook’s data protection policy at:
https://www.facebook.com/about/privacy/

10.2 Instagram

The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
You can find Instagram’s data protection policy at:
https://help.instagram.com/519522125107875

10.3 Twitter

The provider is the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can find Twitter’s data protection policy at:
https://twitter.com/de/privacy

 

11. What forms of marketing do we conduct?

11.1 Adform Conversion-Tracking

We use the Conversion-Tracking service provided by Adform Germany GmbH, Gr. Burstah 50-52, 20457 Hamburg Germany. We use this to measure the success of our advertising tools. We deliver advertising banners via the Adform network. In this context, cookies are stored when visiting websites within the advertising network. These cookies contain an advertising ID and are valid for 60 days. No personal identification can be made via the cookie. We can merely identify which advertising tool led to your visit to the website.

If you do not wish to use Adform, you can deactivate the cookie. Instructions can be found at https://site.adform.com/privacy-center/platform-privacy/opt-out/.

11.2 Google AdWords

We use Google Conversion-Tracking via the AdWords service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. When you click on an advert delivered by Google and are redirected to our website, Google AdWords stores a cookie in your browser. This conversion-tracking cookie is stored as soon as a user clicks on a Google ad.

The cookie allows us to see when a visitor to our website has clicked on a Google ad, when they have been redirected, and which pages the visitor has looked at. The cookie is individual, i.e. each AdWords customer is assigned their own cookie.

This functionality is used to generate conversion statistics that Google provides to its customers. These statistics show how many users have clicked on an ad. However, it isn’t possible to personally identify customers.

The legal basis for Google AdWords is the user’s consent pursuant to point (f) of Art. 6 (1) GDPR, i.e. you voluntarily provide your personal data. When visiting our website, your personal data are sent to Google in the USA and stored there; this particularly includes your IP address. Google may pass these data on to third parties. We have no influence on this. We ourselves do not receive any data to identify the data subject.

Cookies are only stored for 30 days.
Google guarantees that it processes data securely and has therefore committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.

If you wish to prevent your data being processed by Google AdWords, you can do so via your browser settings. Here you can prevent the automatic storage of cookies / block cookies from the “googleadservices.com” domain. However, this can result in limited website functionality.

11.3 Google Remarketing

On our website, we use the Google Remarketing service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function serves the purpose of displaying adverts tailored to the user’s individual interests. For this purpose, cookies are stored on your computer that allow third-party providers, including Google, to record that you have visited our website with your browser. This information can then be used at a later date to present you with our adverts on other websites, e.g. during Google searches or on websites within the Google network.

The legal basis for Google Remarketing is the user’s consent pursuant to point (f) of Art. 6 (1) GDPR, i.e. you voluntarily provide your personal data. When visiting our website, your personal data may be sent to Google in the USA and stored there. However, Google states that no personal data of any description are recorded or stored during this processing. We have no influence on this and also do not receive any data via which a user may be personally identified.

You can find further information on data protection at Google and on the functionality of Remarketing in the Google data protection policy. Here too, you are able to deactivate the storage of cookies via your browser’s settings. You also have the option of preventing your data being recorded by Google Remarketing via the Google ad settings.

11.4 Conversion tracking with the Facebook Conversion Pixel

We use the “Conversion Pixel” / visitor action pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). By accessing this pixel via your browser, Facebook can recognise whether a Facebook ad was successful, i.e. whether it resulted in a pageview, for example. For this purpose, Facebook provides us exclusively with anonymised statistical data. This allows us to record the effectiveness of our Facebook ads for statistical and market-research purposes. Furthermore, we draw your attention to Facebook’s data protection policy. You can withdraw your consent at https://www.facebook.com/ads/preferences/.
 

12. What are your rights and how can you assert them?

 

12.1 Asserting your rights

In order to assert your rights, please use the information in the Contact section. When doing this, please ensure that we can identify who you are with absolute certainty.

12.2 Your rights to information and correction

You may demand that we confirm to you whether we process personal data relating to you and you are entitled to information with respect to which of your data we process. Should your data be incorrect or incomplete, you may demand that they be corrected or completed. Should we have forwarded your data to third parties, we inform them of the correction, to the extent that this is stipulated by law.

12.3 Your right to deletion

Provided the legal conditions apply, you may demand that we delete your personal data immediately. This is particularly the case if

  • your personal data are no longer required for the reasons for which they were recorded;
  • the legal basis for processing was solely your consent and you have revoked this consent;
  • you have objected to processing for advertising purposes (“objection to advertising”);
  • you object to the processing on the legal grounds of a weighing of interests for personal reasons and should we be unable to prove that there are overriding legitimate grounds for processing;
  • your personal data were processed illegally; or
  • your personal data must be deleted in order to comply with legal requirements.

Should we have forwarded your data to third parties, we inform these third parties that the data have been deleted to the extent that this is stipulated by law.

Please note that your right to deletion is subject to limitations. For example, we must not and may not delete any information that we must continue to hold due to legal retention periods. Also your right to have data deleted does not apply to data that we require in order to assert, exercise or defend legal claims.

12.4 Your right to restrict processing

Provided that the legal conditions apply, you may demand that we restrict processing. This is particularly the case if:

  • you dispute the correctness of your personal data and then until we have the opportunity to verify its correctness;
  • processing is not being carried out legally and, instead of deletion (see the previous paragraph on this subject) you demand that their use be restricted;
  • we no longer need the data for the purposes of processing but you need this data in order to assert, exercise or defend your legal claims;
  • you have objected for personal reasons and then until it is clarified whether your interests are overriding.

Where processing is restricted, we mark the data concerned in order to ensure that these data are only processed within the strict limits that apply to restricted data (namely, in particular the defence of legal interests or with your consent).

12.5 Your rights to object

You have the right to object to our processing data for reasons relating to your particular situation provided that this is based on the legal grounds of a legitimate interest. You may also object to the processing of your data for advertising purposes (“objection to advertising”). Please also note in this context the section Information on your rights to object.

12.6 Your right to transfer data

You have the right to receive personal data, which you have given us in order to fulfil a contract or on the basis of consent, in a form that can be transferred. In this case, you may also demand that we transmit these data directly to a third party provided that this is technically feasible.

12.7 Your right to revoke consent

Should you have given us your consent to process your data, you may revoke this consent at any time to come into effect for the future. This does not affect the legality of any processing of your data that has taken place until the time consent is revoked.

12.8 Your right to complain to the regulatory authorities

You have the right to submit a complaint to a data protection authority. You may refer to the data protection authority that is responsible for your place of residence for this purpose. Alternatively, you may also refer to the data protection authority that is responsible for us, which is:

The Hamburg Commissioner for Data Protection and Freedom of Information
Klosterwall 6 (Block C)
20095 Hamburg
E-Mail: mailbox@datenschutz.hamburg.de

13. Are you required to give us certain information?

You can also visit our website without providing us with any data on yourself. In order to register however you are required to give us the personal data (e.g. name, date of birth, e-mail address) needed in order to establish and implement the contract; we identify this compulsory information with *. Should you not wish to give us this information, we are unfortunately unable to register you as a member.

14. Do we make fully automated decisions?

We do not make any fully automated decisions in connection with this data protection declaration in individual cases with legal or comparable consequences.

15. What data do we collect from third parties?

We do not collect any data on you from third parties (e.g. credit agencies or social networks).

16. Google reCAPTCHA

We monitor our homepage to see whether our contact form is being used by a real person or a machine/automated service. This monitoring is performed by the reCAPTCHA function offered by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). In this context, personal data (including the IP address) are sent to Google. These are processed on the basis of a legitimate interest pursuant to point (f) of Art. 6 (1) GDPR. Our interest is to avoid spam and the misuse of our homepage.

This processing may result in data being sent to Google LLC in the USA. Google guarantees that it adheres to the European data protection standard and is certified in accordance with the so-called “Privacy Shield” (https://www.privacyshield.gov/list). Additional information regarding the data protection policy of Google reCAPTCHA can be found at https://www.google.com/intl/de/policies/privacy/

Add store

It is sometimes the case that personal data are processed when entering the details of a store (e.g. name of the store, e-mail address, telephone number). The entered data are accessible to visitors of our homepage (“Store Locator”). By clicking on “Save”, you agree to this processing. The legal basis for this is your consent pursuant to point (a) of Art. 6 (1) GDPR. Furthermore, we draw your attention to our data protection policy.

 

B. Information on your rights to object

 

Right to object to direct marketing

You may submit an objection to the processing of your personal data for advertising purposes at any time (“objection to advertising”). We will then cease processing your data for advertising purposes. Please bear in mind however that, for organisational reasons, there might be an overlap between your objection and use of the data as part of a campaign that is already in progress.

Right to object for personal reasons

You have a right to object to our processing personal data for reasons that relate to your particular situation, provided that this is based on the legal grounds of a legitimate interest. We will then cease processing your personal data, unless we are able to prove compelling reasons for continued processing that are worthy of protection, which override your rights or interests or are only processing this information in order to assert, exercise or defend legal claims.

Objections are not bound to any particular form. Please send your objection if possible to:

YOGI TEA GmbH
Burchardstraße 24
D-20095 Hamburg

Telephone: +49 (0)40 – 42 30 11-0
E-mail: dataprotection.eu@yogiproducts.com 

 

C. Contact

You can contact us as follows:

YOGI TEA GmbH
Burchardstraße 24
D-20095 Hamburg

Telephone: +49 (0)40 – 42 30 11-0
E-Mail: dataprotection.eu@yogiproducts.com 

 

D. Technical advice