Data Privacy

Data protection

With the following information, we would like to give you an overview of the processing of your personal data by Dr. Grandel GmbH and your rights under the Data Protection Act. The details of what data is processed and how it is used essentially depends on the provision of our products and services.

Who is responsible for data processing and who can I contact?

Responsible contact:
DR. GRANDEL GmbH, Pfladergasse 7 – 13, 86150 Augsburg, Germany
Phone: +49 821 3202 0
Email: info@grandel.de

Data protection officer:
Andreas Wehrle, Pfladergasse 7-13, 86150 Augsburg, Germany
Phone: +49 821/3202-167
Email: datenschutz@grandel.de

Data collection when you visit our website

You can visit our website without providing personal details. We only store access data in so-called server log files transmitted to us by your browser.

  • Browser type/version
  • Operating system used
  • Referrer URL (previously visited page)
  • Host name of the accessing computer (IP address)
  • Time of the server query
  • Page visited on our website


This data is analyzed exclusively for the purpose of ensuring trouble-free operation of the site and improving our products and services and does not allow us to make any inferences regarding you as a person.

Data collection and use for contract processing and when a customer account is opened

We collect personal data if you voluntarily provide it to us in the context of your order, when contacting us (e.g. by using the contact form or by email) or when you open a customer account. What data is collected is evident from the respective input forms and comprises the following in particular:

  • Last name, first name, form of address
  • Payment data
  • Contact data (email, phone)
  • Address and order information

We use the data you have provided for contract processing and to process your inquiries.

Please note that our collection of personal data is tied to specific purposes. Therefore, the following reasons for processing merely comprise a list.

  • To provide our products & services
  • To comply with statutory provisions
  • For creditworthiness checks in the context of purchase processing involving insecure payment options
  • To prevent fraud in connection with purchases
  • For advertising purposes


Use of data when subscribing to our email newsletter

When subscribing to our email newsletter, your email address, form of address, first name and last name are used for our own advertising purposes with your consent until you unsubscribe from the newsletter.

If you wish to receive the newsletter offered on the website, we need you to provide us with a valid email address and information enabling us to verify that you are the owner of the email address provided and/or that the owner of the email address consents to receipt of the newsletter. No further data is collected.

You can revoke your consent to storage of the data and the email address and the use of same for delivery of the newsletter, including by the use of a link in the newsletter provided for that purpose, free of charge at any time.

Communication via WhatsApp

1. On our website and flyers, we offer you the option of communicating with us via WhatsApp (WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). No data will be sent to WhatsApp unless you have scanned the QR code, written to the telephone number provided or clicked on the link that refers to WhatsApp. Only then will you be redirected to WhatsApp, where you will have an opportunity to launch a conversation with us. Your contact data will then be processed and will include your telephone number along with metadata/communication data (e.g. device information, IP addresses).

2. When offering and using WhatsApp, we rely on the Healvi software provided by Healvi GmbH, Franklinstraße 14, 10587 Berlin, which serves as an interface for our corporate account. As for WhatsApp, we use the WhatsApp Business Cloud API; hence, in addition to processing the metadata necessary for message transmission and encryption, WhatsApp processes your telephone number solely to help identify your account.

3. It should be noted that the content of your communication (i.e. the content of the message and any attached images) is encrypted from end to end. Consequently, no third parties can view the content of these messages. To ensure encryption of all message content, you should always use the latest messenger version, with the encryption feature activated. It should be pointed out, however, that while messenger providers cannot view message content, they can determine whether and when you communicate with us; they can also process technical information about the device used and – depending on your device settings – location information known as “metadata.”

4. Your use of WhatsApp is exclusively governed by the agreements you have entered into with WhatsApp. Under the WhatsApp Terms of Service, we have your phone number and user name through your contact details, along with the content of our communications with you. We use this and other information you provide in order to:
  • Recognize and respond to you, and
  • Send you messages via WhatsApp.

5. The legal basis for data processing is your consent pursuant to Art. 6 (1) (1) (a) GDPR, as use of the WhatsApp chat function is voluntary and occurs at your request if, for example, you do not contact us on your own to communicate with us about contracts or to enter into a contract. In this case, the legal basis for processing is Art. 6 (1) (1) (b) GDPR and, in the case of other interested parties, the legal basis is rooted in our legitimate interests in fast and efficient communication under Art. 6 (1) (1) (f) GDPR. You may contact us at any time by other means, e.g. by telephone or email.

6. You may withdraw your consent at any time, and you may object to communicating with us via WhatsApp at any time. In this case, we will erase the messages in accordance with our general erasure guidelines (e.g. following the end of contractual relationships, in connection with archiving specifications, etc.) – and otherwise as soon as we can assume that we have provided any information you have requested, as long as no reference back to a previous conversation is expected – no later than after 6 months, as long as erasure does not conflict with any statutory retention obligations.

7. We have concluded a data-processing agreement with Healvi, obligating it to protect our customers’ data and not to pass them along to third parties. Because personal data are transferred to the United States, additional protective mechanisms are required to ensure a level of data protection commensurate with the GDPR. To ensure this, we have agreed standard data-protection clauses with the provider in application of Art. 46 (2) (c) GDPR. These clauses oblige the recipient of the data in the US to process the data in a manner appropriate to the level of protection provided in Europe. In cases in which this cannot be ensured by means of this contractual addendum, we will strive to secure further arrangements and commitments on the part of the recipient. The provider of WhatsApp – WhatsApp Ireland Limited – transfers data to WhatsApp LLC with registered office in the US on the basis of the Data Privacy Framework. WhatsApp Ireland Limited has commissioned Meta Platforms Ireland Limited, Merrion Road, Dublin 4, Dublin D04 X2K5, with hosting of the Cloud API; the latter also provides encryption on behalf of WhatsApp Ireland Limited.

Please use the following links to review the WhatsApp Terms of Service and information on privacy:

https://www.whatsapp.com/legal/?lang=en
https://www.whatsapp.com/privacy?lang=en
https://www.whatsapp.com/legal/business-data-processing-terms?lang=en and
https://www.whatsapp.com/legal/business-data-transfer-addendum?lang=en

Use of cookies

We use so-called cookies on various pages in order to make visits to our site attractive and enable the use of certain functions. These are small text files that are stored on your terminal device. Some of the cookies we use are erased again after the end of the browser session, i.e. after your browser is closed (so-called session cookies). Other cookies remain on your terminal device and enable us to recognize your browser on your next visit (persistent cookies). You can configure your browser in such a way that you will be informed when cookies are placed and are able to decide on their acceptance individually or can generally exclude the acceptance of cookies for certain cases. If cookies are not accepted, the functionality of our website may be limited.

In the following, you will find information on the cookies we use and the configuration option of your browser.

1. Strictly necessary cookies
These cookies are necessary in order to enable operation of our website. They include, for example, cookies that enable you to log in to the customer area or place goods into the shopping cart.

2. Analytic / performance cookies
These cookies make it possible to collect anonymized data about the user behavior of our visitors. We then analyze these in order to, for example, improve the functionality of the website and show you interesting offers.

3. Functional cookies
These cookies are used for certain functionalities, for example, to suggest better navigation flow on our website to you and to show you personalized and relevant information (e.g. “interest-based advertising”).

4. Targeting cookies
These cookies record your visit to our website, the pages you have visited and the links that led you to them. We will use this information to tailor our website and the advertising shown to you to your interests.

5. Third-party cookies
These cookies of some of our advertising partners help to design what is offered on the Internet and our website to better suit your interests. Therefore, cookies of partner companies are also stored on your hard disk when you visit our website. These are temporary cookies that will be erased automatically after the specified time. Cookies of partner companies are generally erased after a few days or up to 24 months, and in individual cases only after several years. The cookies of our partner companies do not contain any personal data either. Data is merely collected under a user ID pseudonym. This pseudonymised data is not merged with your personal data at any time.

Please note that if you do not accept cookies, the functionality of our website may be limited.

Grandel offers you the opportunity to decide on the setting of cookies within our offering through a consent management ("cookie banner"). You always have the option to change the selection made there and to subsequently give or revoke your consent. To do so, you can access the settings options here.

How can I configure the cookies settings of my browser?

Every browser administers cookie settings in its own way. This is described in the Help menu of every browser, which explains how you can change your cookie settings. You can find these for the corresponding browsers at the following links:

Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari™: http://apple-safari.giga.de/tipps/cookies-in-safari-aktivieren-blockieren-loeschen-so-geht-s/
Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: http://help.opera.com/Windows/10.20/de/cookies.html

Use of SSL encryption

Dr. Grandel needs your personal data for various business transactions. For example, during the login process to your customer center, sensitive data has to be transmitted to our servers. We encrypt your personal data during the login process by using the SSL protocol (Secure Sockets Layer protocol), so this data will not fall into the wrong hands. This is a tried and tested and very secure data transmission procedure on the Internet.

As a result of the use of the SSL protocol, your data is masked such that it cannot be reconstructed by a third party before it is transmitted to our server. In the context of this encryption procedure, measures are taken to ensure that your data is exclusively sent to the server from which it was requested. When the data reaches our server, it is conclusively checked to make sure it is complete and unaltered.

Disclaimer for the content of external linked Internet sites

If you use external links that are offered in the context of our Internet sites, this data privacy statement does not cover these links or linked websites. If we offer links, we will make every effort to ensure that they also meet our data privacy and security standards. However, we have no way of influencing compliance with the data privacy and security provisions by other providers. Therefore, please visit the Internet sites of the other providers and acquaint yourself with the data privacy statements provided there as well. At the time the links were set up, we were not aware of any violation of provisions relating to data privacy law by linked websites.

Transfer of data for the purpose of performing an agreement

In order to perform an agreement, we transfer data to the shipping company commissioned with delivery of the goods insofar as necessary to deliver the goods ordered. Depending on the payment service provider you selected in the ordering process, we transfer the payment data collected for this purpose to the bank commissioned with the payment and/or any payment service providers we may have commissioned and/or to the payment service provider selected for the purpose of payment processing. The selected payment service providers also collect some of this data themselves if you open an account with them. In this case, you must register with the payment service provider by using your login data in the ordering process. The data privacy statement of the corresponding payment service provider applies in this respect.

No transfer of personal data to third parties beyond the foregoing will take place without your consent. However, we are authorized to provide information about your data to responsible authorities in individual cases, insofar as they request your data for the purpose of exercising statutory powers (e.g. criminal prosecution). Your collected personal data will not be sold to third parties in any case.

Data protection

As we take the protection of your data seriously, we protect our website and other systems by technical and organizational measures against loss, destruction, access, alteration or dissemination of your data by unauthorized persons. However, despite regular checks, full protection against all risks is not possible.

How long is your data stored?

We process and store your personal data for as long as is required to meet our contractual and legal retention obligations under commercial and tax laws.

What are your data protection rights?

  • Right to be informed
  • Right to data portability
  • Right to object
  • Right to be forgotten
  • Right to restrict processing (blocking)
  • Right to rectification of data

Beyond that, there is also a right to lodge a complaint with a competent supervisory authority. You may revoke consent to processing of personal data that has been given vis-à-vis our company at any time. This also applies to the revocation of declarations of consent given vis-à-vis our company before the GDPR came into force, i.e. prior to 25 May 2018. Please note that the revocation only applies for the future. Any processing prior to the revocation will not be affected.