The responsible party for data processing is
AASAYA LifeScience GmbH
Lerchenweg 3
40789 Monheim am Rhein
Germany
Email: info@aasaya.de
Thank you for your interest in our online shop. The protection of your privacy is very important to us. Below we inform you in detail about how we handle your data.
1. Access data and hosting
You can visit our website without providing any personal information. Each time you access a website, the web server only automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the access, the amount of data transferred and the requesting provider (access data) and documents the access. This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. This serves to protect our legitimate interests in the correct presentation of our offer, which are overriding in the context of a balancing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO. All access data is deleted at the latest seven days after your visit to the site has ended.
Hosting
The services for hosting and displaying the website are partly provided by our service providers as part of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy. A data transfer may take place to a third country/ies for which the European Commission has not determined an adequate level of data protection due to the use of additional functions of our service provider. An adequate level of data protection is guaranteed by the conclusion of standard contractual clauses of the European Commission.
Eine Datenübermittlung kann an ein Drittland/ an Drittländer, für die die Europäische Kommission kein angemessenes Datenschutzniveau festgestellt hat, aufgrund des Einsatzes von zusätzlichen Funktionen unseres Dienstleisters erfolgen. Ein angemessenes Datenschutzniveau wird dabei durch den Abschluss von Standardvertragsklauseln der Europäischen Kommission gewährleistet.
2.1 Data processing for contract execution and for contacting us
2.1 Data processing for contract execution
For the purpose of contract processing (including enquiries about and processing of any existing warranty and performance claims as well as any statutory update obligations) in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we collect personal data if you voluntarily provide us with this information as part of your order. Mandatory fields are marked as such, as in these cases we absolutely need the data to process the contract and we cannot send the order without their specification. Which data is collected can be seen from the respective input forms.
Further information on the processing of your data, in particular on the transfer to our service providers for the purpose of order, payment and dispatch processing, can be found in the following sections of this data protection declaration. After complete processing of the contract, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 Para. 1 Sentence 1 lit. c DSGVO, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
2.2 Customer account
Insofar as you have given your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO by deciding to open a customer account, we will use your data for the purpose of opening a customer account as well as for storing your data for further future orders on our website. Deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described in this privacy policy or via a function provided for this purpose in the customer account. After deletion of your customer account, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
2.3 Contacting us
Within the scope of customer communication, we collect personal data in order to process your enquiries in accordance with Art. 6 (1) sentence 1 lit. b DSGVO if you voluntarily provide us with this data when contacting us (e.g. by contact form or e-mail). Mandatory fields are marked as such because in these cases we absolutely need the data to process your contact. Which data is collected can be seen from the respective input forms. After your enquiry has been processed in full, your data will be deleted unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO or we reserve the right to use data in a way that goes beyond this, which is permitted by law and about which we inform you in this statement.
3. Data processing for the purpose of shipment processing
For the purpose of fulfilling the contract in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO, we pass on your data to the shipping service provider commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.
3. Data transfer to shipping service providers for the purpose of shipping notification
If you have given us your express consent during or after your order, we will pass on your e-mail address and
telephone number to the selected shipping service provider in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO
so that they can contact you before delivery for the purpose of delivery notification or coordination.
You can
revoke your consent at any time by sending a message to the contact option described in this data protection
declaration or directly to the shipping service provider at the contact address listed below. After revocation, we
will delete your data provided for this purpose, unless you have expressly consented to further use of your data or
we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this
declaration.
DHL Paket GmbH
Sträßchensweg 10
53113 Bonn
Germany
4. Data processing for payment processing
When processing payments in our online shop, we work together with these partners: technical service providers, credit institutions, payment service providers.
4.1 Data processing for transaction processing
Depending on the selected payment method, we pass on the data necessary for the processing of the payment transaction
to our technical service providers, who work for us within the framework of order processing, or to the commissioned
credit institutions or to the selected payment service provider, insofar as this is necessary for the processing of
the payment. This serves the fulfilment of the contract according to Art. 6 para. 1 p. 1 lit. b DSGVO. In some
cases, the payment service providers collect the data required for processing the payment themselves, e.g. on their
own website or via a technical integration in the ordering process. In this respect, the privacy policy of the
respective payment service provider applies.
If you have any questions about our payment processing partners
and the basis of our cooperation with them, please use the contact option described in this privacy policy.
4.2 Data processing for the purpose of fraud prevention and optimisation of our payment processes
Where applicable, we provide our service providers with further data, which they use together with the data necessary for the processing of the payment as our processors for the purpose of fraud prevention and optimisation of our payment processes (e.g. invoicing, processing of contested payments, accounting support). Pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, this serves to protect our legitimate interests in our protection against fraud or in efficient payment management, which outweigh our interests in the context of a balancing of interests.
4.3 Identity and credit check when selecting Klarna payment services
Klarna Direct Debit
If you choose to use the payment services of Klarna Bank AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden
(hereinafter referred to as Klarna), we request your consent pursuant to Art. 6 (1) sentence 1 lit. a DSGVO that we
may transmit the data necessary for the processing of the payment and an identity and credit check to Klarna. In
Germany, the credit agencies named in Klarna's data protection declaration may
be used for the identity and credit check. Klarna uses the information received about the statistical probability of
a payment default for a weighed decision about the establishment, implementation or termination of the contractual
relationship. You can revoke your consent at any time by sending a message to the contact option mentioned in this
privacy policy. This may result in us no longer being able to offer you certain payment options. You can also revoke
your consent to this use of personal data at any time vis-à-vis Klarna.
5. Advertising by e-mail
5.1 E-mail newsletter with registration, newsletter tracking with separate consent
If you register for our newsletter, we will use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent in accordance with Art. 6 (1) p. 1 lit. a DSGVO. Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address from the list of recipients, unless you have expressly consented to further use of your data in accordance with Art. 6 Para. 1 Sentence 1 lit. a DSGVO or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this declaration.
If you have also given us your consent in accordance with Art. 6 (1) sentence 1 lit. a DSGVO to analyse our newsletter, we will also analyse your interaction with our newsletter by measuring, storing and evaluating opening rates and click-through rates for the purpose of designing future newsletter campaigns ("newsletter tracking").
For this evaluation, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following "newsletter data" in particular
- the page from which the page was requested (so-called referrer URL),
- the date and time of the request,
- the description of the type of web browser used,
- the IP address of the requesting computer,
- the e-mail address,
- the date and time of registration and confirmation
and the single-pixel technologies with your e-mail address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.
Unsubscribing from newsletter tracking is possible at any time and can be done either by sending a message to the contact option described or via a link provided for this purpose in the newsletter.
The information will be stored for as long as you are subscribed to the newsletter.
5.2 Email newsletters without registration and your right to object
If we receive your e-mail address in connection with the sale of a product or service and you have not objected to
this, we reserve the right, on the basis of Section 7 (3) of the German Unfair Competition Act (UWG), to regularly
send you offers by e-mail for similar products to those you have already purchased from our range. This serves to
protect our legitimate interests in addressing our customers in an advertising manner, which outweigh our interests
in the context of a balancing of interests.
You can object to this use of your e-mail address at any time by
sending a message to the contact option described in this data protection declaration or via a link provided for
this purpose in the advertising e-mail, without incurring any costs other than the transmission costs according to
the basic rates.
After unsubscribing, we will delete your e-mail address from the list of recipients, unless
you have expressly consented to further use of your data in accordance with Art. 6 (1) p. 1 lit. a DSGVO or we
reserve the right to use data beyond this, which is permitted by law and about which we inform you in this
declaration.
5.3 Newsletter dispatch
The newsletter may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
The newsletter and the newsletter tracking described above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our relationship with them, please contact them using the contact facility described in this Privacy Policy.
5.4 Sending rating requests by e-mail
If you have given us your express consent to do so during or after your order in accordance with Art. 6 (1) sentence 1 lit. a DSGVO, we will use your e-mail address to ask you to rate your order via the rating system we use. This consent can be revoked at any time by sending a message to the contact option described in this data protection declaration or via a link provided for this purpose in the rating request.
The evaluation requests may also be sent by our service provider Trusted Shops GmbH Subbelrather Str. 15C, 50823 Cologne (Trusted Shops).
We receive information on the respective status from Trusted Shops (e.g. whether the evaluation request has been sent and whether it has arrived) as part of the sending of evaluation requests. This is done in accordance with Art. 6 (1) p. 1 lit. f DSGVO in order to fulfil our legitimate interest in receiving information about the rating invitations in order to carry out optimisations based on this, if necessary, as well as in order to fulfil the legitimate interest of Trusted Shops in being able to offer this service.
We are jointly responsible with Trusted Shops for the sending of rating invitations and for the collection and display of rating or status information.
Within the framework of the joint responsibility between us and Trusted Shops GmbH, please contact Trusted Shops GmbH, whose contact details can be found here, if you have any data protection questions or wish to assert your rights. Further information on data protection can be found in the following link here. Independently of this, you can also always contact us using the contact option described in this data protection declaration. Your enquiry will then, if necessary, be passed on to the other person responsible for answering it.
6. Protection of privacy on end devices
General information
In order to make visiting our website attractive and to enable the use of certain functions, we use technologies including so-called cookies on various pages. Cookies are small text files that are automatically stored on your terminal device. Some of the cookies we use are deleted at the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your browser on your next visit (persistent cookies).
Protection of privacy on end devices
When you use our online services, we use technologies that are absolutely necessary in order to provide the telemedia service you have expressly requested. In this respect, the storage of information in your terminal device or access to information already stored in your terminal device does not require consent.
For functions that are not absolutely necessary, the storage of information in your terminal device or access to information that is already stored in your terminal device requires your consent. We would like to point out that if you do not give your consent, parts of the website may not be available for unrestricted use. Any consent you may have given will remain valid until you adjust or reset the respective settings in your end device.
Any downstream data processing by cookies and other technologies
We use such technologies that are absolutely necessary for the use of certain functions of our website (e.g. shopping cart function). Through these technologies, IP address, time of visit, device and browser information as well as information on your use of our website (e.g. information on the contents of the shopping cart) are collected and processed. Within the framework of a balancing of interests, this serves overriding legitimate interests in an optimised presentation of our offer in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO.
In addition, we use technologies to fulfil the legal obligations to which we are subject (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for the data processing, can be found in the following sections of this privacy policy.
You can find the cookie settings for your browser at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™
Insofar as you have consented to the use of the technologies in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO, you can revoke your consent at any time by sending a message to the contact option described in the privacy policy.
7. Use of cookies and other technologies for web analysis and advertising purposes
Insofar as you have given your consent in accordance with Art. 6 para. 1 sentence 1 lit. a DSGVO, we use the following cookies and other technologies from third-party providers on our website. After the end of the purpose and the end of the use of the respective technology by us, the data collected in this context will be deleted. You can revoke your consent at any time with effect for the future. Further information on your revocation options can be found in the section "Cookies and other technologies". Further information including the basis of our cooperation with the individual providers can be found in the individual technologies. If you have any questions about the providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.
7.1 Use of cookies and other technologies for web analysis and advertising purposes
We use the technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), as described below. The information automatically collected by Google technologies about your use of our website is generally transmitted to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. There is no adequacy decision of the European Commission for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. If your IP address is collected via Google technologies, it will be shortened before being stored on Google's servers by activating IP anonymisation. Only in exceptional cases will the full IP address be transmitted to a Google server and shortened there. Unless otherwise stated for the individual technologies, the data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 DSGVO. Further information on data processing by Google can be found in Google's privacy policy.
YouTube video plugin
To integrate third-party content, data (IP address, time of visit, device and browser information) is collected via the YouTube video plugin in the extended data protection mode used by us, transmitted to Google and subsequently processed by Google only when you play a video.
7.2 Other providers of web analysis and online marketing services
Use of Matomo as a software solution for web analysis
For the purpose of website analysis, data (IP address, time of visit, device and browser information as well as information on your use of our website) is automatically collected and stored using the Matomo software from InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymised usage profiles are not combined with personal data about the bearer of the pseudonym without your express consent, which must be given separately. Data processing by Matomo takes place on our servers.
7.3 Use of Facebook services
Use of Facebook Pixel
We use the Facebook Pixel as part of the technologies of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2,
Ireland ("Facebook (by Meta)" or "Meta Platforms Ireland") described below. The Facebook Pixel automatically
collects and stores data (IP address, time of visit, device and browser information as well as information on your
use of our website based on events specified by us, such as a visit to a website or newsletter registration), from
which usage profiles are created using pseudonyms. In the context of so-called extended data matching, information
that can be used to identify individuals (e.g. names, e-mail addresses and telephone numbers) is also collected and
stored in hashed form for matching purposes. For this purpose, when you visit our website, a cookie is automatically
set by the Facebook Pixel, which uses a pseudonymous CookieID to recognise your browser when you visit other
websites. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to
compile reports on website activity and to provide other services related to website use, in particular personalised
and group-based advertising.
he information automatically collected by Facebook (by Meta) technologies about your use of our website is generally
transmitted to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA and stored there.
There is no adequacy decision of the European Commission for the USA. If the transfer of data to the USA falls
within our responsibility, our cooperation is based on standard data protection clauses of the European Commission.
Further information on data processing by Facebook can be found in Facebook's privacy policy (by Meta).
8. Social media
Our online presence on Facebook (by Meta), Instagram (by Meta), LinkedIn
Insofar as you have given your consent to the respective social media operator in accordance with Art. 6 (1) sentence 1 lit. a DSGVO, your data will be automatically collected and stored for market research and advertising purposes when you visit our online presences on the social media mentioned above, from which usage profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used for this purpose. For detailed information on the processing and use of data by the respective social media operator, as well as a contact option and your rights and setting options in this regard to protect your privacy, please refer to the data protection notices of the providers linked below. Should you still require assistance in this regard, you can contact us.
Facebook (by Meta) is a service of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is generally transmitted to a server of Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA and stored there. There is no European Commission adequacy decision for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. Data processing in the context of a visit to a Facebook (by Meta) fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information (information on Insights data) can be found here.
Instagram (by Meta) is an offer of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Meta Platforms Ireland") The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is generally transmitted to a server of Meta Platforms, Inc, 1 Hacker Way, Menlo Park, California 94025, USA and stored there. There is no European Commission adequacy decision for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission. Data processing in the context of visiting an Instagram (by Meta) fan page is based on an agreement between jointly responsible parties in accordance with Art. 26 DSGVO. Further information (information on Insights data) can be found here.
LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information automatically collected by LinkedIn about your use of our online presence on LinkedIn is usually sent to a server of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there. There is no European Commission adequacy decision for the USA. Our cooperation with them is based on standard data protection clauses of the European Commission.
9. Contact options and your rights
9.1 Your rights
As a data subject, you have the following rights:
- pursuant to Art. 15 DSGVO, the right to request information about your personal data processed by us to the extent specified therein;
- pursuant to Art. 16 DSGVO, the right to demand the correction of inaccurate or incomplete personal data stored by us without undue delay;
- in accordance with Article 17 of the DSGVO, the right to request the erasure of your personal data stored by us, unless further processing is required.
- in accordance with Art. 18 DSGVO, the right to demand the restriction of the processing of your personal data, insofar as the further processing of your personal data is not required.
- pursuant to Art. 20 DSGVO, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller;
- pursuant to Art. 77 DSGVO, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Right of objection
Insofar as we process personal data as explained above in order to protect our legitimate interests, which prevail in the context of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If the processing is carried out for other purposes, you only have the right to object on grounds relating to your particular situation.
After you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
This does not apply if the processing is for direct marketing purposes. Then we will not further process your personal data for this purpose.
9.2 Contact options
If you have any questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data as well as revocation of consent given or objection to a specific use of data, please contact us directly using the contact details in our imprint.
