DATA PROTECTION


1. Information on data protection

General information

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Data collection on this website

Firstly, your data is collected by you providing it to us. This can be, for example, data that you enter into a contact form.

Other data is collected automatically or after your consent by out IT systems when visiting the website. This is mainly technical data (e.g. Internet browser, operating systems, or time of page view). The collection takes place automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected to ensure error-free operation of the website. Other data may be used to analyze your user behavior. This is done primarily with so-called analysis programs. You can find more detailed information about analysis tools and other third-party tools in the following privacy policy.

2. Responsible Party

The party responsible for the processing of your personal data on our website is

sanoctua GmbH & Co. KG
Wildstr. 20
D-89522 Heidenheim a. d. Brenz
Germany

Phone: +49 7321 757 8150
Email: info@sanoctua.com
Web: www.sanoctua.com

Amtsgericht Ulm | HRA 726 293
VAT ID: DE 321 684 648

Personally liable partner of sanoctua GmbH & Co. KG:
sanoctua Management GmbH
Wildstraße 20 | 89522 Heidenheim a. d. Brenz | Germany
Amtsgericht Ulm | HRB 743 523
Managing Directors: Tanja Reischl-Stenske, Christian Stenske, Michael Flach

3. General notes and obligatory information

Data protection

We take the protection of your personal data very seriously. Therefore, we treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data by which you can be personally identified. This privacy policy explains which data we collect, what we use it for, and for what purpose.

We would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of the data against access by third parties is not possible.

Storage duration

Unless a specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies.

If you assert a legitimate request for deletion or if you revoke consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law). If such reasons exist, the deletion will take place after they cease to exist.

General information on the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR, if special categories of data are processed according to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) lit. a. GDPR. If you have consented to the storage of cookies or to the access to information in your terminal (e.g. via device fingerprinting), the data processing is additionally carried out on the basis of Section 25 (1) TTDSG. The consent can be revoked at any time.

If your data is required for the performance of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR.

In addition, we process your data, insofar as this is necessary for the fulfillment of a legal obligation, on the basis of Art. 6 (1) lit. c GDPR.

Furthermore, data processing may be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. We inform you about the relevant legal basis in each individual case in the following paragraphs of this privacy policy.</p

Note on data transfer to the USA and other third countries

Among other things, we use tools from companies based in the USA or other third countries that are unsafe according to the GDPR. If these tools are activated, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to the one in the EU can be guaranteed in these countries.

For example, US companies are obliged to hand over personal data to security authorities without you as a data subject being able to take legal action against this. It can therefore not be ruled out that US authorities (e.g. intelligence services) process, evaluate, and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

4. Technical implementation

Hosting

The web server for the operation of our website is operated technically by Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany ("Strato"). When you visit our website, Strato collects various log files including your IP address. All Strato products are hosted exclusively at Strato data centres in Germany (https://www.strato.de/sicherheit/).

For more information, please refer to Strato's privacy policy: https://www.strato.de/datenschutz

The use of Strato is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

We have concluded a data processing agreement with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as the hosting of the website or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol on your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

5. Data collection and use

Visit to this website

You can visit our website without giving any details about your person. When you visit our web pages, you transmit data via your Internet browser to the Strato AG web server for technical reasons. This data includes:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Web browser and operating system used
  • IP address of the requesting computer
  • Transferred data volume

This data is only used to provide the online service.

Cookies

This website uses cookies. Cookies make websites more user-friendly and efficient for the user. A cookie is a small text file that is used to store information.

When visiting a website, the website may place a cookie on the website visitor's terminal, which is stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal.

If the user visits a website again later, the website can read the data from previously stored permanent cookies and thus determine, for example, whether the user has visited the website before and which areas of the website the user was particularly interested in. Permanent cookies remain stored on your terminal until you delete them yourself or until they are automatically deleted by your web browser.

More information about cookies can be found on Wikipedia.

In some cases, cookies from third-party companies may also be stored on your terminal when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used to evaluate user behavior or display advertising.

Cookies that are necessary to carry out the electronic communication process, to provide certain functions requested by you, or to optimize the website are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimal availability of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG). The consent can be revoked at any time.

Cookies on our website

Our website uses the following providers:

  • sanoctua GmbH & Co. KG: Cookie Consent – This is used to store the consent to the use of cookies.
  • WordPress.com: Our website is compiled with WordPress.com. WordPress uses cookies for various purposes. You can find out more here: https://automattic.com/cookies/
  • Insofar as further cookies from third-party providers or for analysis purposes are used, we will inform you separately within the scope of this data protection declaration and, if necessary, request your consent.

Changing cookie settings

How the web browser handles cookies, which cookies are allowed or rejected, can be defined by the user in the web browser settings. Where exactly these settings are located depends on the respective web browser. Detailed information on this can be accessed via the help function of the respective web browser.

If the use of cookies is restricted, not all functions of this website may be fully functional.

Links to other websites

If we refer to or link to the websites of third parties through our website, we cannot assume any responsibility or liability for the accuracy or completeness of the contents and the data security of these sites. Since we have no influence on the compliance of third parties with data protection regulations, you should check the privacy policies of each site separately.

Request by email, fax, or phone

If you contact us by email, fax, or telephone, we will collect, process, and use your personal data solely for the purpose of processing your inquiry. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of requests addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (para. 6 (1) lit. a GDPR), if this has been requested. This consent can be revoked at any time.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after your request has been processed). Legal provisions, in particular statutory retention periods, remain unaffected.

6. Plugins and Tools

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

When our website is visited, a connection to Google's servers is established via software and data is transmitted to Google's servers, some of which are located in the USA. Google Analytics also uses cookies to store information about the website user and to analyze the use of the website by website users.

This website uses the function "Activation of IP anonymization". This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

According to Google, Google will store and use the collected data for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage. It is possible that Google will use the data for further purposes of its own (e.g. profiling and cross-platform tracking). Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Authorities of the US states also have access to this personal data.

Detailed information on the handling of user data by Google Analytics can be found in the data protection declaration (Privacy Policy) of Google (https://policies.google.com/privacy?hl=en) and Google Analytics (https://support.google.com/analytics/answer/6004245?hl=en).

Deactivating Google Analytics
  • You can generally prevent Google Analytics from collecting your user data on all websites by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
  • You can prevent Google Analytics from collecting your user data only on this website by enabling the following checkbox. An opt-out cookie is set which prevents the collection of your data on future visits to this website:
Google Maps

This site uses the map service Google Maps via an API (application programming interface). The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1) lit. a DSGVO and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find more details here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs.

Further information about the handling of user data can be found in Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

Google Ads and Google Conversion Tracking

This website uses Google Ads. Google Ads is an online advertising service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

With Google Ads, we use the so-called conversion tracking. When you click on an ad placed by Google, a cookie is set for conversion tracking. These cookies lose their validity after 30 days and are not used to personally identify the user. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page.

For more information on how Google processes your data for ads, please see Google's privacy policy (https://policies.google.com/privacy?hl=en) and the Google Ads Support page (https://support.google.com/google-ads/).

Google Fonts (local hosting)

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. Google Fonts are installed locally. A connection to Google servers does not take place.

For more information about Google Fonts, see https://developers.google.com/fonts/faq and the Google privacy policy: https://policies.google.com/privacy?hl=en.

Font Awesome (local hosting)

This site uses Font Awesome, provided by Font Awesome Team, for the uniform display of fonts and symbols. Font Awesome is installed locally. There is no connection to the servers of Font Awesome.

YouTube

This website embeds videos from the website YouTube. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is embedded, a connection to the YouTube servers is established, provided that you have activated the corresponding cookies. This tells the YouTube server which of our pages you have visited. For a correct display, YouTube also uses Google Font in this context, for which your IP address is sent to Google.

Furthermore, YouTube may store various cookies on your terminal or use comparable technologies for recognition (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts.

If you are logged into your YouTube account, you enable YouTube to assign your browsing behavior directly to your personal profile. You could prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art.6 (1) lit. a DSGVO and §25 ( 1 ) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information on the handling of user data, please refer to YouTube's privacy policy at: https://policies.google.com/privacy?hl=en .

Meta Pixel

Our website uses the "Meta Pixel" of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereafter "Facebook", though other platforms of the Meta universe, such as Instagram, may be included). This allows the behavior of site visitors to be tracked after they have been redirected to our website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized.

The collected data is anonymous for us as the operator of this website. We can not draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes.

This allows Facebook to enable the placement of advertisements on pages of Facebook as well as outside of Facebook. Facebook may also store a cookie on your terminal device for this purpose. The data processed within Facebook and linked to cookies are automatically deleted after 90 days.

For more information about protecting your privacy, please see Facebook's privacy policy: https://www.facebook.com/about/privacy/

You can also disable the Custom Audiences remarketing feature in the Ads Settings section. To do this, you must be logged in to Facebook. If you don't have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: https://www.youronlinechoices.com/ (may vary depending on your location; please select your location accordingly).

Google Tag Manager

We use Google Tag Manager on our website. Google Tag Manager is a service of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). It is an auxiliary service that processes personal data itself only for technically necessary purposes. It takes care of loading other components, which in turn may collect data. Google Tag Manager does not access this data. We have concluded the data processing addendum for companies within the European Economic Area with Google.

When Google Tag Manager is accessed, the user's IP address may be transmitted to Google, some of whose servers are also located in the USA.

Please note that due to American laws such as the Cloud Act, American authorities, such as intelligence agencies, could possibly gain access to personal data that is inevitably exchanged with Google due to the Internet Protocol (TCP) when this service is integrated.

For more information about Google Tag Manager, please see Google's privacy policy: https://policies.google.com/privacy?hl=en

7. Newsletter subscription

We offer you a free newsletter in which we inform you about current offers and promotions, as well as information about us, our products and everything related to health and well-being. If you would like to subscribe to the newsletter, you must provide a valid email address.

By subscribing to the newsletter, you agree to receive the newsletter and the explained procedures. We thus process your personal data on the basis of Art. 6 (1) lit. a DSGVO. The data you enter (at least your e-mail address) will only be used to personalize the newsletter and will not be passed on to third parties.

The newsletter dispatch is carried out by the dispatch service provider CleverReach®, a dispatch platform of CleverReach GmbH & Co. KK, Schafjückenweg 2, 26180 Rastede, Germany ("CleverReach").

Further information about the privacy policy of CleverReach is available at: .

Revocation and cancellation

You can revoke your consent to receive the newsletter at any time by sending an e-mail to info@sanoctua.com or by clicking on the link at the end of each newsletter and thus cancel the newsletter subscription. This will void your consent to receive the newsletter. After your cancellation, your personal data will be deleted, provided that the deletion does not conflict with any legal retention obligations.

reCAPTCHA

We use the service reCAPTCHA to determine whether a human or computer makes a certain entry in our newsletter form. The operator of the website is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use the Google service reCaptcha to determine whether a human or a computer makes a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer:

  • IP address of the terminal device used
  • the website you visit with us on which the captcha is embedded
  • the date and duration of the visit
  • the recognition data of the browser and operating system type used
  • Google account if you are logged in to Google
  • mouse movements on the reCaptcha areas and tasks that require you to identify images.

By using reCAPTCHA, your data is transferred to the Google server. The location of these servers may also be in the U.S.

There are several reCAPTCHA variants that can be used:

  • No CAPTCHA reCAPTCHA: The user places a checkmark in a checkbox labeled "I am not a robot."
  • Image reCAPTCHA: The user is shown 9 image sections, some of which have the same content (e.g. traffic lights) and must be marked accordingly.
  • Text reCAPTCHA: The user must enter a superimposed text in a field.
  • Invisible reCAPTCHA: The user does not have to perform any action themselves. Google checks in the background of the website whether the user is a human or a bot. To do this, Google tracks, among other things, cursor movements and the IP address of the user.

In addition, reCAPTCHA also checks whether a cookie has already been created in the user's browser. If this is not the case, Google sets a cookie. Google thus creates a kind of fingerprint of the user for reCPATCHA, which is also recognized on other pages. This makes it possible for Google to track users across pages.

Legal basis for the described data processing is Art. 6 (1) lit. f DSGVO. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).

8. Social Media Profiles

Our online presence on Facebook, Instagram, YouTube, and LinkedIn

Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information about our company and our products there.

When visiting our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms.

These can be used, for example, to display advertisements within and outside the platforms that presumably correspond to your interests. Cookies are generally used on your terminal for this purpose. In these cookies, the visitor behavior and the interests of the users are stored. This serves according to Art. 6 (1) lit. f. GDPR to protect our legitimate interests in an optimized presentation of our offer and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent (agreement) to the data processing, e.g. by means of a checkbox, the legal basis for the data processing is Art. 6 (1) lit. a GDPR.

For detailed information on the processing and use of data by the providers on their sites, as well as a contact option and your rights and setting options in this regard to protect your privacy, in particular objection options (opt-out), please refer to the privacy notices of the providers linked below. If you still need help in this regard, you can contact us.

The data processing is carried out on the basis of an agreement between jointly responsible parties pursuant to Art. 26 GDPR.

For Facebook/Meta, you can look up the specific agreement here: https://www.facebook.com/legal/terms/page_controller_addendum.

9. Your rights

We take the protection of your personal data very seriously. We treat the personal data that we store for order processing confidentially and in accordance with the statutory data protection regulations and this privacy policy.

Right to revoke your consent to data processing

Many data processing operations are only possible with your explicit consent. You can revoke consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the collection of data in special cases and in the case of direct marketing (Art. 21 GDPR)

If the data processing is not based on your consent, but on Art. 6 (1) lit. e or f GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy.

If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims (objection under Art. 21 (1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. This also applies to profiling, insofar as it is associated with such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to information, deletion, and correction</6>

Within the scope of the applicable legal provisions, you have the right to information, correction, and deletion of the processing of your stored personal data at any time. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do this, you can contact us at any time. If you have restricted the processing of your personal data, this data – apart from its storage – may only be processed with your consent or for the assertion, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person, or for reasons of an important public interest of the European Union or a member state.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right of appeal to the competent supervisory authority

You also have the right of appeal to a competent supervisory authority. The authority responsible for us is the "Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg", available at https://www.baden-wuerttemberg.datenschutz.de/

This privacy policy was created with the assistance of https://www.e-recht24.de.

As of: 2022-11-10