Protecting your privacy and your personal data is very important to us. In the following, we will inform you in detail about which data is processed in which form when you visit our website or use our online shop.
Protecting your privacy and your personal data is very important to us. In the following, we will inform you in detail about which data is processed in which form when you visit our website or use our online shop.
Controller for the data processing activities:
Mona Naturprodukte GmbH
Adresse Schottengasse 10, 2. Stock, 1010 Wien
E-Mail: office@hain-celestial.eu
Tel.: 01 8972300
Data protection officer:
TÜV Süd Akademie GmbH
E-Mail: dataprivacy@hain-celestial.eu
According to the General Data Protection Regulation (“GDPR”), personal data means “any information relating to an identified or identifiable natural person (hereinafter: “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
In the following we will show you which data we process on which legal basis within the scope of the functions we offer you, how long we store your data for, and who may receive your data.
You can visit our website without giving any personal information. Each time a website is called up, the web server automatically saves only a so-called server log file, which contains the following data:
These access data are processed exclusively for the purpose of ensuring trouble-free operation of the site and for improving our offer. The legal basis for this data processing is our overriding legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR and § 165 para. 3 TKG [Austrian Telecommunications Act] in the provision of the website and a correct presentation of our offer. To host the website, we use an IT service provider: PROBASE APPLICATIONS LIMITED, 185 Fleet Road, Fleet, Hampshire, GU51 3BL, UK, who processes your data on our behalf. All access data will be deleted no later than seven days after the end of your visit to the site.
We offer you the option to contact us either by using a contact form or via our contact email. When using the contact form, you must provide us with your email address so that we can reply to your request. In addition, you can optionally and voluntarily provide us with your name, telephone number and your specific message. If you contact us at the email address given on our website, you at least provide us with your email address and any other information that you disclose in your email. We need to process this data so that we can process your request. The processing takes place in the context of establishing contact so that we can process and reply to your request. The legal basis for the processing of your data is always the implementation of pre-contractual measures and the fulfilment of our contract in accordance with Art. 6 para. 1 lit. b GDPR. If your request is not related to a contractual relationship, the legal basis for data processing is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in processing your request. We save your emails and contacts for as long as is necessary to process your request and then save them for a period of 6 months. This does not apply if you initiate a contractual relationship with us in the email or if your establishment of contact relates to an existing contractual relationship. In this case, the storage period depends on the underlying contract. If that is the case, you will be informed separately about the data processing taking place there.
If you want to subscribe to our newsletter, you must register for the newsletter. The registration takes place via the so-called double opt-in process, i.e., after you register for the newsletter, we will send you a confirmation email in which we ask you to give your consent by clicking on the confirmation link contained in the email.
In addition, you can also order the newsletter from the Joya-Info website on our webshop, which is operated by Mona Naturprodukte GmbH ("Mona"). With your consent, we will send your email address to Mona for this purpose.
In order to be able to send you our newsletter, we process the email address you provide. The legal basis for this and for the transmission of the email address to Mona is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
You can unsubscribe from the newsletter at any time by sending us a corresponding message (e.g. email, letter) or by clicking the unsubscribe link contained in every newsletter. We save your data for the purpose of sending the newsletter until you revoke your consent.
Newsletter tracking: Our newsletters contain so-called web beacons or tracking pixels, by means of which we can recognize whether and when an email was opened and which links in the email were followed by the personalized recipient. This data is stored by us so that we can optimally tailor our newsletter to the wishes and interests of our subscribers. Accordingly, the data collected in this way is used to send personalized newsletters to the respective recipient. The legal basis for processing your data in connection with newsletter tracking is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR in optimizing our advertising materials. We save your data for 90 days.
For the newsletter we use the service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, who processes your data on our behalf. For this purpose, the data saved when you subscribed to the newsletter (email address, possibly name, IP address, date and time of your subscription) will be transmitted to Sendinblue GmbH. Further information on data protection at Sendinblue can be found at: https://de.sendinblue.com/datenschutz-uebersicht/.
We process data of our customers and suppliers as well as of their employees for the purpose of establishing and administering the business relationship and fulfilling the contract as well as complying with related legal obligations. For example, the following categories of data are processed: Master data (such as name, company, registered office, address, contact details, internet address), contract data (such as subject matter, term, conditions), delivery note data (such as order number, date, quantity and description of the individual goods) as well as billing and payment data (such as IBAN, BIC, UID). These data are known to us because they are either disclosed to us by the data subjects themselves or we determine the data from publicly accessible sources (e.g. company register, UID directory of the Federal Ministry of Finance, website of the business partner). Insofar as the data subject is our contractual partner, the data processing is generally based on the necessity for the fulfilment of the concluded contract or the implementation of pre-contractual measures (Art. 6 para. 1 lit. b DSGVO). The legal basis for processing the data of employees of our contractual partners is the necessity to achieve our predominant legitimate interest in managing the business relationship (Art. 6 para. 1 lit. f DSGVO). Insofar as we collect, process and store personal data due to a legal obligation, the data processing is based on the necessity to fulfil this obligation (Art. 6 para. 1 lit. c DSGVO).
We generally store the master and contract data of our customers and suppliers for the duration of the contractual relationship. Insofar as we are obliged to do so according to company and tax law regulations, we keep data of business partners for at least 7 years from the end of the respective calendar year. In addition, we store the personal data necessary for the assertion, defense or defense of legal claims and their enforcement in official or judicial proceedings; in this respect, the data is stored until the expiry of the relevant limitation periods or the legally binding conclusion of the proceedings.
In addition to the transfer of data to third parties described under functions of the website, we use various IT service providers for the provision of individual IT services (e.g. IT service providers, IT security).
In the case of enquiries or complaints concerning products of our group companies, such enquiries are mainly forwarded anonymously to our group companies. However, there are cases in which anonymous processing is not possible, for example when processing warranties. In this case, we forward your personal data on the basis of predominant legitimate interests in the processing of your enquiry by the relevant group company, Mona Naturprodukte GmbH, FN 232453v, Schottengasse 10, 2nd floor, 1010 Vienna, to the extent necessary.
Depending on the situation, we may pass on data relating to our customers and suppliers or their employees to competent authorities (e.g. tax offices), legal representatives (e.g. when examining contracts and enforcing legal claims) and certification bodies.
For hosting our servers we use an IT service provider, PROBASE APPLICATIONS LIMITED, 185 Fleet Road, Fleet, Hampshire, GU51 3BL, UK, which processes your data on our behalf. We use Nitro Sign to obtain e-signatures.
We use software services offered by Microsoft, One Microsoft Way 157th Avenue NE, Redmond, WA 98052-7329, US, (so-called, for example, Microsoft Office, Microsoft Teams) for the following purposes: document storage and management, calendar management, e-mail dispatch, spreadsheets and presentations, exchange of documents, as well as chats and participation in audio and video conferences. In principle, these Microsoft services used are operated in the EU data centres of the geographical region Europe as well as in the UK. Insofar as the operation takes place in the UK, we rely on the decision of the EU Commission regarding the adequacy of the level of data protection for the United Kingdom.
We use Nitro | 21 Charlemont Place, St Kevins, Dublin 2, D02 WV10, www.gonitro.com to obtain electronic signatures.
Where service providers process personal data for us as processors, this is done on the basis of commissioned data processing contracts. The commissioned data processors process their personal data exclusively on our instructions and are only given access to their personal data to the extent that this is absolutely necessary for the performance of their tasks.
We are aware of the high importance of your data and therefore generally do not transfer it to countries outside the European Economic Area (so-called "Third countries"). If individual data processing is nevertheless associated with the transmission of your data to a third country, we will expressly inform you of this fact in this Privacy Policy and will inform you about the measures we have taken to ensure the required level of protection of your data.
The General Data Protection Regulation guarantees you certain rights that you can assert vis-à-vis us - provided that the legal requirements are met.
In connection with the data processing activities described in this Privacy Policy, you have no contractual or legal obligation to provide us with personal data. However, without the data you have provided, we will not be able to offer you our services.
We do not use automated decision-making, including profiling, within the meaning of Art. 13 para. 2 lit. f and Art. 14 para. 2 lit. g GDPR.
We use so-called “cookies” to expand the functionality of our website and to make it more convenient for you to use it. With the aid of these “cookies”, data can be saved on your computer when you visit our website.
When you use the website, cookies are stored on your computer. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using and through which certain information flows to the party that placed the cookie (in this case us). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
The website uses cookies to the following extent: Transient cookies (temporary use), persistent cookies (limited-time use), third-party cookies (from third-party providers)
Transient cookies are automatically deleted when you close the browser. This includes, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to the website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can delete the cookies at any time in the your browser’s security settings.
You can configure your browser settings according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out, however, that our website may not function properly if the cookies that are necessary for it to function cannot be placed. In your browser settings, you can specify that cookies require your consent each time before they are saved and activated on your computer. You can find detailed information on your browser settings for the most common browsers on the providers’ websites or in these instructions.
When using functionally required cookies, we process your personal data in order to be able to provide basic functions of our website and the services you have requested, as well as to temporarily save your cookie settings. Functional restrictions could arise if these cookies are not used.
The legal basis for the processing of your data when using functionally necessary cookies is our legitimate interest in the provision of a fully functional website and the services you have requested, as well as in the temporary storage of your cookie settings (Art. 6 para. 1 lit. f GDPR, § 165 para. 3 TKG).
The following cookies are used on our website:
| Name | Provider | Purpose | Expires | Type |
|---|---|---|---|---|
| rc::a | This cookie is used to distinguish between humans and bots, which is beneficial for the website to generate valid reports about the usage of their website. | Persistent | HTML | |
| rc::c | This cookie is used to distinguish between humans and bots. | Session | HTML | |
| pf.keys | Required for the payment function provided by Google. | Persistent | HTML | |
| yt-player-bandaid-host | YouTube | Used to determine the optimal video quality based on the visitor's device and network settings. | Persistent | HTML |
| yt-player-bandwidth | YouTube | Used to determine the optimal video quality based on the visitor's device and network settings. | Persistent | HTML |
| CookieConsent | Cookiebot | Saves the user's consent status for cookies on the current domain. | 1 Jahr | HTTP |
| _hjAbsoluteSessionInProgress | Google Tag Manager | This cookie is used to count how many times a website has been visited by different visitors - this is done by assigning a random ID to a visitor so that the visitor is not registered twice. | 1 Tag | HTTP |
| _hjFirstSeen | Google Tag Manager | This cookie is used to determine whether the visitor has visited the website before or whether they are a new visitor to the website. | 1 Tag | HTTP |
| _hjid[x2] | Google Tag Manager | Sets a unique ID for the session.This allows the website to obtain data about visitor behaviour for statistical purposes. | 1 Jahr | HTTP |
| hjTLDTest | Google Tag Manager | The cookie is used to determine the SEO ranking for the current website - This service is provided by the third-party statistics and analysis service. | Session | HTTP |
| _ga | Google Tag Manager | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 2 Jahre | HTTP |
| _gat | Google Tag Manager | Used by Google Analytics to limit the request rate | 1 Tag | HTTP |
| _gid | Google Tag Manager | Registers a unique ID that is used to generate statistical data on how the visitor uses the website. | 1 Tag | HTTP |
| _hjIncludedInPageviewSample | Google Tag Manager | Determines whether the user's navigation should be registered in a specific statistical placeholder. | 1 Tag | HTTP |
| _hjIncludedInSessionSample | Google Tag Manager | Registers data on the website behaviour of visitors, which is used for internal analysis and website optimisation. | 1 Tag | HTTP |
| SeStatisticSession | Searchanise | Collects statistics about the user's visits to the website, such as the number of visits, average time spent on the website and which pages were read. | Persistent | HTML |
| yt-player-headers-readable | YouTube | Used to determine the optimal video quality based on the visitor's device and network settings. | Persistent | HTML |
| C | Adform | Used to check whether the user's browser supports cookies. | 30 Tage | HTTP |
| uid | Adform | Registers a unique user ID that the user's browser recognises when visiting websites that use the same advertising network. The purpose is to optimise the display of advertisements based on the user's movements and various offers from advertisers to display user advertisements. | 2 Monate | HTTP |
| IDE | Used by Google DoubleClick to record and report the user's actions on the website after viewing or clicking on one of the provider's ads, for the purpose of measuring the effectiveness of an advertisement and displaying targeted advertising to the user. | 1 Jahr | HTTP | |
| RUL | Used to check whether the user's browser supports cookies. | 1 Tag | HTTP | |
| NID | Registers a unique ID that identifies a returning user's device. The ID is used for targeted advertising. | 6 Monate | HTTP | |
| pagead/1p-user-list/# | Used to track whether the visitor has shown interest in certain products or events on multiple websites and how the visitor navigates between websites - This is used to measure advertising efforts and facilitates the payment of referral fees between websites. | Session | Pixel | |
| ClicksQueue | Searchanise | Used to track the user's interaction with the website's search bar function. This data can be used to offer relevant products or services to the user. | Persistent | HTML |
| ProductsSearch | Searchanise | Used to track the user's interaction with the website's search bar function. This data can be used to offer relevant products or services to the user. | Persistent | HTML |
| snize-recommendation | Searchanise | Used to track the user's interaction with the website's search bar function. This data can be used to offer relevant products or services to the user. | Session | HTTP |
| VISITOR_INFO1_LIVE | YouTube | Attempts to estimate user bandwidth on pages with integrated YouTube videos. | 179 Tage | HTTP |
| YSC | YouTube | Registers a unique ID to keep statistics of the videos from YouTube that the user has watched. | Session | HTTP |
| yt-remote-cast-installed | YouTube | Saves the user settings when retrieving a Youtube video integrated on other websites | Session | HTML |
| yt-remote-connected-devices | YouTube | Saves the user settings when retrieving a Youtube video integrated on other websites | Persistent | HTML |
| yt-remote-device-id | YouTube | Saves the user settings when retrieving a Youtube video integrated on other websites | Persistent | HTML |
| yt-remote-fast-check-period | YouTube | Saves the user settings when retrieving a Youtube video integrated on other websites | Session | HTML |
| yt-remote-session-app | YouTube | Saves the user settings when retrieving a Youtube video integrated on other websites | Session | HTML |
| yt-remote-session-name | YouTube | Saves the user settings when retrieving a Youtube video integrated on other websites | Session | HTML |
| ads/ga-audiences | Used by Google AdWords to re-engage visitors that are likely to convert to customers based on the visitor's online behaviour across websites. | Session | Pixel |
With your consent, we use non-functional cookies and similar tracking technologies (collectively: "non-functional cookies") in order to be able to statistically analyze and evaluate the use of our website, to adapt our website to the interests of our website visitors, and to optimally display the content of our website as well as to be able to show you personalized advertising.
The legal basis for the data processing is the consent you have given in accordance with Art. 6 para. 1 lit. a GDPR and § 165 para. 3 TKG. You can revoke your consent at any time with effect for the future or otherwise change your cookie settings subsequently by deleting the cookies in your browser and then reopening the page.
If you withdraw your consent for certain cookies, we will no longer save these cookies on your device when you visit our website in the future. The legality of the data processing carried out before the revocation is not affected by the revocation. Please note, however, that for technical reasons we cannot delete cookies that have already been saved with your consent. However, you can delete these cookies manually using your browser settings.
The following non-functional cookies are used on our website:
Google LLC (“Google”), 1600 Amphitheater Parkway, Mountain View, CA 94043 USA
We use Google Analytics on our website. Google Analytics is used for web analysis and optimization of use on the website. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. In the context of the tracking, information is also transmitted about the products ordered.
The data sent by us and linked to cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 36 months. You can find more information on terms of use and data protection at https://www.google.com/analytics/terms/de.html or at
https://policies.google.com/?hl=de.
You can prevent tracking by Google by using the following plug-in: http://tools.google.com/dlpage/gaoptout?hl=d
Hotjar Ltd., Level 2, St Julian’s Business Centre, 3 Elia Zammit Street, St Julian’s STJ 1000, Malta
On this website, Hotjar (web analysis services) collects and stores data, from which usage profiles are created using pseudonyms. These usage profiles are used to analyze visitor behavior and to improve and tailor our offers.
Google LLC (“Google”), 1600 Amphitheater Parkway, Mountain View, CA 94043 USA
We use the Google Maps map service from Google on our website. With the aid of Google Maps, we offer you address completion in order to ensure that the address is correct.
You can find more information on terms of use and data protection at https://www.google.com/intl/de_de/help/terms_maps.html or at
https://policies.google.com/?hl=de.
Meta Platforms Inc, 1601 Willow Road Menlo Park, CA 94025 United States. This website uses Meta's "Custom Audiences" remarketing function. This function is used to present interest-based advertisements ("Facebook Ads" , "Instagram Ads") to visitors of this website when they visit the social network. In doing so, it is transmitted to the Meta server that you have visited this website from and Meta assigns this information to your personal user account in the Meta Social Network.
More information at: https://www.facebook.com/about/privacy/
Google LLC (“Google”), 1600 Amphitheater Parkway, Mountain View, CA 94043 USA
Our website uses Google Ads. Ads is an online advertising program, and as part of the online advertising program we work with conversion tracking. After you click on an ad placed by Google, a conversion tracking cookie is placed. From the cookie, we and Google can tell that you clicked on an ad and were redirected to our website. Conversion cookies are used to create conversion statistics for Ads customers who use conversion tracking. More information can be found at: https://www.google.de/policies/privacy/
We maintain profiles on several social networks by which you can use to contact us. Currently these are Facebook, Instagram, YouTube, Pinterest and WhatsApp. As rule, for all processing of personal data that takes place there, for example when you visit the profile or leave a comment, only the respective network operator is the controller under data protection law. We ourselves have no knowledge of the data that the respective operator processes or of the individual data processing carried out by the operator. In particular, these will not be shared with us – at least in personally identifiable form. Like every other user of these social networks, we can only access the information you have published in your profile or otherwise made accessible in this context. At the following URLs, you can find more detailed information on the data processing taking place in the individual networks:
However, you do provide us with personal data when you send us a message or leave a post on our site. We use this personal data to respond to your message. For this purpose, your message from the social network may be imported into our own processing systems, so that we can respond more quickly and efficiently. For this reason, we use the service provider Falcon.io ApS, H.C. Andersens Boulevard 27, 1553 Copenhagen V, Denmark, which processes your data on our behalf, to respond to the messages.. We store your messages for as long as is necessary to process your request, and then we store them for a period of 3 years in case you contact us again with reference to your original inquiry. These purposes also represent our legitimate interest, for which we carry out this data processing (Art. 6 para. 1 lit. f) GDPR). Special features apply to data processing on our Facebook profile page, which you can find out under the separate Facebook privacy policy https://www.facebook.com/about/privacy/
We take all possible precautions to ensure the protection and security of your data. We welcome your questions and comments concerning data protection. If you have any questions about the collection, processing or use of your personal data, access, rectification, blocking or erasure of data or the revocation of your consent, please contact: dataprivacy@hain-celestial.eu