What are cookies?
- INFORMATION COLLECTED
Some cookies collect information about browsing and purchasing behaviour when you access our websites via the same computer or device. This includes information about pages viewed, products purchased and your journey around a website. All data passed by cookies is anonymous and will never contain individual detail such as your name, address, telephone number or payment information but may contain our customer reference number that is unique to you. For more detailed information about how cookies work, please visit www.allaboutcookies.org.
- HOW ARE COOKIES MANAGED?
The cookies stored on your computer or other device when you access our websites are designed by:
- Susanne Aram Therapy or on our behalf, and are necessary to enable you to make purchases on our websites;
- third parties who participate with us in marketing programmes; and
- third parties who publish web banner advertisements for us.
- WHAT ARE COOKIES USED FOR?
Cookies are used with our marketing partners to present you with appropriate offers and advertising as you browse other sites on the internet, based on your browsing activity while on our site. Cookies also allow us to work alongside our web analytics partner, Google Analytics, to see how you like to use our website, which pages or special functions you prefer and help us to make them better. We may match the data we capture through cookies with personal data that we already hold about you to better understand you. This helps us to continually improve the relevance of our promotional communications, your shopping experience and our products and services. The main purposes for which cookies are used are:
- For functional purposes essential to effective operation of our websites, particularly in relation to online transactions, site navigation and preferences.
- For marketing and advertising, particularly web banner advertisements and targeted updates through digital channels and social media.
- To enable us to collect information about your browsing and shopping behaviour, helping us to improve your shopping experience and to monitor performance.
- To enable us to meet our contractual obligations to make payments to third parties when a product is purchased by someone who has visited our website from a site operated by those parties.
- MARKETING COOKIES
We work with partners who serve advertisements or present online offers on our behalf. Most of these marketing partners use both session and persistent cookies. These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. All data collected by third party cookies is anonymous and will never contain your name, address, telephone number, email address or payment details.
- WHAT TYPE OF COOKIES DO WE USE?
There are two types of cookie that may be used during your visit to our site:
1 Session cookies
Session cookies are deleted after each visit to our site. For example, when you are browsing our site, it will remember you for the duration of your visit, but the cookie will be removed from your computer as soon as you close down your internet browser. Session cookies allow you to add an item to the basket and then move through the checkout. Disallowing these cookies via your web browser will mean you are unable to place an order on this site.
2. Persistent cookies
Persistent cookies remember you for a set period of time, allowing wishlist and/or previously viewed products to be displayed the next time you visit our site and whether you were logged into your account.
- TURNING OFF AND DELETING COOKIES
Most web browsers will provide the option to turn off or disallow cookies. How you do this depends on the web browser you are using. Instructions for disallowing cookies can usually be found in the browser’s ‘Help’ menu. Note that in common with most other transactional websites, if you only disable third party cookies, you will not be prevented from making purchases on our websites but refusing the cookies we have used via your web browser will mean that you are unable to make a transactional purchase on our website. You may also find that the functionality of many other websites and services will be affected. Cookies can be deleted using your web browser. However, unless they are disallowed they will be re-applied the next time you visit a website.If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular desktop browsers are set out here (these may vary depending on operating system and browser version):
For Microsoft Internet Explorer:
- Choose the menu “Tools” then “Internet Options”
- Click on the “Privacy” tab
- Select “Advanced”
- Choose the appropriate settings
For Google Chrome:
- Choose “Settings” and click on “Advanced”
- Under “Privacy and Security” click “Content Settings”
- Click “Cookies”
- Choose Preferences > Privacy
- Click on “Block all cookies”
For Mozilla firefox:
- Click on the menu icon then select “Options”
- Click on the icon “Privacy & Security”
- Find the menu “cookie” and select the relevant options
For Opera 6.0 and further:
- Choose the menu icon and select “Settings”
- Click on “Privacy & Security”
- Choose the appropriate settings
Access to and storage of information in terminal equipment
By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR. In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done based on § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be conducted based on § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future. For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.
This website is hosted by an external service provider (hoster). This website is hosted in Germany. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website. We collect the listed data to ensure a proper connection to the website and an error-free delivery of our services. The processing of this data is strictly necessary to make the website available to you. The legal basis for the processing of the data is our legitimate interest in the correct presentation and functionality of our website in accordance with Art. 6 Para. 1 lit. f GDPR. We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.
#02 Data Collection When You Visit Our Website
When using our website for information only, we only collect data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:
– Our visited website
– Date and time at the moment of access
– Amount of data sent in bytes
– Source/reference from which you came to the page
– Browser used
– Operating system used
– IP address used (if applicable: in anonymized form)
Data processing is carried out in accordance with Art. 6 (1) point f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently, if there are any concrete indications of illegal use.
For reasons of technical security, to prevent attempts to attack our web server, we may temporarily store this data. After 26 month at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.
In order to make your visit to our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal and enable us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). If cookies are set, they collect and process specific user information such as browser and location data as well as IP address values according to individual requirements. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can check the duration of the respective cookie storage in the overview of the cookie settings of your web browser.
Please note that you can set your browser in such a way that you are
- be informed about the setting of cookies,
- only allow cookies in individual cases,
- exclude the acceptance of cookies for certain cases or generally,
- activate the automatic deletion of cookies when the browser is closed.
The cookie settings can be managed under the following links for each browser:
You can also manage cookies of many companies and functions used for advertising individually. To do so, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioural advertising and the like.
For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:
Please note that the functionality of our website may be limited if cookies are not accepted.
Change cookie settings
You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via our integrated thumbprint. You can find this at the bottom left of our website.
External links to social media
On our website social media (LinkedIn) is solely embedded as a link to the respective service. After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will only be transferred after the redirection to the respective provider. Information regarding the use of your personal data using the website can be found in the privacy policies of the visited websites.
Social media sites
In the following, you will find information on the handling of your data that is collected through your use of our social media sites on social networks and platforms. Your data will be processed in accordance with the legal regulations.
If your personal data is processed by the provider listed below, this provider is the data controller within the meaning of the GDPR. For the claim of your data subject rights, we point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you still require support, please feel free to contact us at any time. We have an online profile on the social media platforms of the following providers:
- LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
Data protection officer
Information on how to contact the data protection officer can be found here:
- LinkedIn Ireland Unlimited Company: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
General information on social media platforms
Our data protection officer
If you have any concerns about data processing carried out by us as the data controller, you can reach our data protection officer at the contact details given at the beginning of this data protection declaration.
General data processing on the social media platforms
Data processing for market research and advertising
As a rule, personal data is processed on the company site for market research and advertising purposes. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. By means of the collected data, usage profiles can be created. These are used to display advertisements within and outside the platform that correspond to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and logged in to them.
Data processing when you contact us
We ourselves collect personal data when you contact us, for example, via a contact form or through a messenger service. Which data is collected depends on the information you provide and the contact data you have provided or released. These are stored for the purpose of processing the request and for the case of follow-up questions with us. Under no circumstances will we pass on the data to third parties without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that this does not conflict with any statutory retention obligations. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Data processing for processing contracts
If your contact via a social network or other platform aims at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the performance of the contract or for the implementation of pre-contractual measures or for the provision of the requested services. The legal basis for the processing of your data in this case is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is determined that the pre-contractual measures do not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to comply with contractual or legal obligations.
Data processing based on consent
If you are asked by the respective platform providers for consent to processing for a specific purpose, the legal basis of the processing is Art. 6 (1) lit. a., Art. 7 GDPR. Consent given can be withdrawn at any time with effect for the future.
Data transfer and recipients
This website uses plug-ins of the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
If you visit one of the pages on our website into which a Vimeo video has been integrated, a connection to Vimeo’s servers will be established. As a consequence, the Vimeo server will receive information as to which of our pages you have visited. Moreover, Vimeo will receive your IP address. This will also happen if you are not logged into Vimeo or do not have an account with Vimeo. The information recorded by Vimeo will be transmitted to Vimeo’s server in the United States.
If you are logged into your Vimeo account, you enable Vimeo to directly allocate your browsing patterns to your personal profile. You can prevent this by logging out of your Vimeo account.
The use of Vimeo is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission and, according to Vimeo, on “legitimate business interests”. Details can be found here: https://vimeo.com/privacy.
Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.
Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.
We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.
We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.
Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.
#04 Contacting Us
When you contact us (e.g. via e-mail), personal data is collected. This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and for the associated technical administration. The legal basis for processing data is our legitimate interest in responding to your request in accordance with Art. 6 (1) point f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the facts in question have been finally clarified, provided there are no legal storage obligations to the contrary.
#05 Job Application
On our website, we may advertise current vacancies for which interested parties can apply by e-mail to the contact address provided. In order to be included in the application process, applicants should provide us with all the information and all the personal data required for a well-founded and informed assessment and selection. Such information includes general information about the person (name, address, telephone and/or e-mail address), as well as performance-specific evidence of qualifications required for a position. Where applicable, certain health-related information may be required in order to consider social protections under labor and social law. Which components an application must contain in individual cases for it to be considered and the form in which these components must be submitted by mail can be found in the respective job advertisement. After receipt of the application sent using the specified e-mail contact address, the application data is stored by us and evaluated exclusively for the purpose of processing the application. In the event of queries arising during the processing of the application we use, at our discretion, either the e-mail address provided by the applicant with his/her application e-mail address, or a telephone number provided by the applicant. The primary legal basis for this is § 26 para. 1 BDSG. In addition, consent in accordance with Art. 6 para. 1 lit. a GDPR in conjunction with § 26 para. 2 BDSG can be a legal basis. Insofar as special categories of health related information within the meaning of Art. 9 (1) GDPR (e.g. health data such as information about the severely disabled status) need to be requested from applicants and processed as part of the application process, such processing is carried out in accordance with Art.9 para. 2 lit. b. GDPR, so that we can fulfill the obligations arising from labor law and the law of social security and social protection law. Cumulatively or alternatively, the processing of such special categories of data may also be based on Art. 9 (1)(h) of the GDPR, if they are processed for the purposes of preventive health care or occupational medicine, for the assessment of the applicant’s fitness for work, for medical diagnostics, the provision or treatment in the health or social sector, or for the administration of health or welfare systems and services. If, in the course of the evaluation described above, the applicant is not selected or if an applicant prematurely with draws his/her application, the applicant’s e-mailed as well as all electronic correspondence, including the original application e-mail, will be deleted after 6 months at the latest following notification. This period is calculated on the basis of our legitimate interest in answering any follow-up questions about the application, e.g. relating to regulations on equal treatment of applicants. In the event of a successful application, the data provided will be processed for the purposes of the implementation of the employment relationship.
If you would like to receive the newsletter offered on our website with regular information about our offers and products, we need your email address as a mandatory information. We use the so-called double opt-in procedure for sending the newsletter. This means that we will not send you our newsletter by email until you have expressly confirmed that you agree to the dispatch of newsletters. In the first step, you will receive an email with a link to confirm that you, as the owner of the corresponding email address, would like to receive the newsletter in the future. With the confirmation you give us your consent according to Art. 6 para. 1 lit. a GDPR that we may use your personal data for the purpose of the desired newsletter dispatch.
When registering for the newsletter, in addition to the email address required for sending the newsletter, we store the IP address via which you have registered for the newsletter as well as the date and time of registration and confirmation so that we can trace any possible misuse at a later point in time. Legal basis for this processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.
You can cancel the newsletter at any time via the link inserted in each newsletter or by sending an email to the above-mentioned responsible party. After your cancellation, your email address will be deleted from our newsletter distribution list immediately, unless you have explicitly consented to continued use of the data collected or continued processing is otherwise legally permissible.
Data Transfer and Recipients
Your personal data is not transferred to third parties, unless
- we have explicitly pointed this out in the description of the respective data processing.
- you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
- the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms.
- there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
- required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.
In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. These contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.
#06 Rights of the Data Subject
In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:
The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.
The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.
The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defense of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.
The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in the Member State of your habitual residence, place of work.
The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Right to object
If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.
If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail.
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, considering the state of the art, the cost of implementation and the nature, scope, circumstances, and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.
#07 Duration of Storage of Personal Data
The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.
Automated decision making
Automated decision making or profiling according to Art. 22 GDPR does not take place.
Subject to change