Data protection
Data protection
We attach great importance to data protection. The collection and processing of your personal data takes place in compliance with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you our website and our services. In accordance with Art. 13 GDPR, we describe in this declaration which data is used by us, in what type and for what purpose and scope, and what options and rights you have in connection with the use of your personal data.
- Responsible body
The NF Health Care UG (limited liability), Haynstraße 9, 20249, Hamburg, represented by the managing director Fatemeh Afrousheh, is responsible for compliance with data protection for purchases of our items via Amazon. We have not appointed a data protection officer.
We are at your disposal for data protection inquiries. You have the following contact options for this:
Telephone: (+49) 040 55204156
Email: na@nf-healthcare.de
- Data collection on our website
Server log files
Insofar as you access our website, information is automatically transmitted by your browser to the server on our website. This information is only stored briefly in a so-called log file and is automatically deleted.
This includes the following data:
- Your IP address,
- Date and time of the call,
- Name and URL of the file you called up,
- Website from which the call was made (referrer URL),
- Information about the browser and operating system you are using,
- Name of your access provider.
These data are used for the purpose of ensuring a smooth connection establishment and comfortable use of our website as well as for evaluating system security and -stability used.
The legal basis for the data processing results from Art. 6 Para. 1 S. 1 lit.f GDPR, as we have a legitimate interest in collecting data for the aforementioned purposes. In addition, there is also a legal basis from Article 6 (1) (b) GDPR for the processing of data for the performance of a contract or pre-contractual measures.
The data are not used to draw conclusions about you personally.
Communication by email
You can also write to us directly by email. If you send a cover letter by e-mail, we will at least receive your e-mail address. All other specified data are optional. The data is collected for the purpose of initiating or executing contractual relationships in accordance with Art. 6 Paragraph 1 lit. b GDPR . In this respect, the use of personal data for this purpose is based on Article 6 (1) (f) GDPR.
We only use the data you provide to process your request. Insofar as your request is aimed at initiating or carrying out business, we will delete your data according to our internal deletion deadlines.
If your request is related to a different purpose, we will delete your data after processing, provided that there is no other legal basis for data storage.
Processing of customer and contract data
When initiating business, concluding and fulfilling contracts, we use the personal data you need for this purpose in accordance with Article 6 (1) (b) GDPR.
Data is only transmitted to third parties if and insofar as this is necessary for the contractual fulfillment, e.g. B. if a company has been commissioned to provide production or transport services or a credit institution has been commissioned to process payments.
This personal data is deleted after the statutory warranty periods have expired or after the statutory retention periods have expired.
You can also create a user account with us. For this it is necessary that you provide the data requested in the registration. In the user account, you can then view your specified and stored profile data as well as information on orders or products you have reserved. The user account is not publicly accessible. If you delete your user account, all data will be deleted, with the exception of data that we are obliged to store under commercial and tax law in accordance with Article 6 (1) (f) GDPR.
With every login, registration, order or other binding action, we save your IP address as well as the day and time. This is done for your protection and in accordance with Article 6 Paragraph 1 lit.
Furthermore, within the scope of your consent in accordance with Article 6 Paragraph 1 lit. GDPR, a cookie can be set which saves your data so that it is automatically entered on your next visit.
Shopify
We use the software and services of Shopify (USA) Inc. 33 New Montgomery St. Ste 750, San Francisco, 94105 CA, USA, on the basis of Art. 6 Para. 1 S. 1 lit. Shopify is used for the needs-based design and operation of our site as well as to facilitate the processing of contractual relationships. In this context, in compliance with officially recognized special contractual obligations (so-called "standard contractual clauses"), personal data is transferred to Shopify International Limited Victoria Buildings, 2nd floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland as part of an order processing contract. The parent company of Shopify International Limited is a Canadian company headquartered in the capital Ottawa. In addition to European data protection law (GDPR), the Canadian data protection law (PIPEDA), which the European Commission has declared to be appropriate, also applies to the processing and protection of data. Further information on data protection can be found here: https://www.shopify.com/legal/privacy .
Processing by payment service providers
In the case of paid services, we process your personal data, in particular payment data (account, credit card and other bank data) on the basis of Art. 6 Para. 1 lit. b GDPR. This is done for the purpose of executing the contract (payment processing / accounting). If necessary, your payment data will be transmitted to service providers (credit institutions, payment providers, accounting service providers) or processed directly by them for the payment transaction and for billing.
Your payment data will be stored for the duration of the contractual relationship and will be deleted after the contractual relationship has been completely terminated (until all mutual contractual obligations have been concluded), provided that there is no other legal basis for data storage.
We use the following payment providers:
PayPal
PayPal privacy policy: https://www.paypal.com/de/smarthelp/article/datenschutz-und-sicherheit-faq3712
Sofortüberweisung (www.sofort.de)
Data protection declaration of Sofortüberweisung: https://www.klarna.com/sofort/datenschutz/
Cookies
Our website contains cookies. Cookies are small text files that are stored on your device. They help us to make it easier for you to navigate through our offer and enable the website to be displayed correctly. They should support the user-friendliness of the website and are of course completely harmless to your device. As a result, information is temporarily collected in connection with the device you are using and the software you are using. Conclusions about your identity are not drawn from this.
For example, we use so-called "session cookies". These cookies are automatically deleted after your visit. We also use cookies that are stored on your terminal device, for example to make it easier for you to use our site on another visit and to recognize your browser the next time you visit ("permanent cookies"). You can of course delete these cookies manually at any time.
We also use cookies to statistically record and evaluate the use of our website. This is done for the purpose of further optimizing our offer for you.
We also use cookies for pseudonymized range measurement. You will be further informed about this below.
The cookies that are absolutely necessary for the operation of our website, i.e. without which our website cannot be displayed, are used for this purpose to safeguard our legitimate interests according to Art. 6 Para. 1 S. 1 lit.f GDPR. These are automatically deleted after a defined period of time.
The cookies that are required for the processing of contracts or for the contractually agreed use of our website are used in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. These are automatically deleted after a defined period of time.
The use of necessary cookies not as described above is based on your consent in accordance with Article 6 (1) (a) GDPR. Your consent can be withdrawn at any time with immediate effect. To do this, go to the settings of the browser you are using and select "Delete browser data". You must have selected "Cookies and other website data" and then remove them.
Of course, you can also view our website without cookies. To do this, you must prevent cookies from being saved on your hard drive by selecting "do not accept cookies" in your browser settings. For a more detailed description, please refer to the instructions from your browser manufacturer. You can also use the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http: // www. youronlinechoices.com/uk/your-ad-choices/) to deactivate cookies. If you do not accept cookies, this can lead to functional restrictions on our website.
- Transfer of data
Your personal data will generally not be passed on to third parties. However, in exceptional cases, data can be transmitted for the following reasons:
- insofar as you have given your express consent, Art. 6 Para. 1 S. 1 lit. a GDPR
- to the extent that disclosure is required in accordance with Art. 6 Paragraph 1 Sentence 1 Letter f GDPR and there is no overriding legitimate interest in not disclosing your data
- Insofar as we are legally obliged to pass on the data, Art. 6 Paragraph 1 Sentence 1 lit. c GDPR
- to the extent that disclosure is permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 Para. 1 S. 1 lit.
Insofar as your data is processed by third parties commissioned by us, this is done on the basis of Art. 28 GDPR by means of an order processing contract.
- Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this happens in the context of the use of third-party services or disclosure or transmission of data to third parties, this will only take place if it happens to fulfill our (pre) contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual approvals, we process or have the data processed in a third country only if the special requirements of Art. 44 ff. GDPR are met. This means that processing takes place on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
- Affected Rights
- Right to information Art. 15 GDPR
You have the right to request confirmation from us as to whether we are processing your personal data. If this is the case, you can request information about this personal data and the following information:
- the purposes of processing
- the categories of personal data that are processed
- The recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
- if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- The existence of a right to correct or delete your personal data or to restrict processing or a right to object to this processing
- the existence of a right to lodge a complaint with a supervisory authority
- if the personal data are not collected from you, all available information about the origin of the data
- the existence of automated decision-making including profiling in accordance with Article 22 Paragraphs 1 and 4 GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
- Right to rectification Art. 16 GDPR
You can immediately request the correction of incorrect personal data or the completion of your personal data stored by us.
- Right to deletion (right to be forgotten) of your data, Art. 17 GDPR
You can request the deletion of your data stored by us, insofar
- the personal data not for the purposes for which they were collected or otherwise processed or are no longer necessary;
- You revoke your consent on which the processing is based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR and there is then no other legal basis for the processing;
- You object to the processing in accordance with Article 21 Paragraph 1 GDPR and there are no overriding legitimate reasons for the processing or you object to the processing in accordance with Article 21 Paragraph 2 GDPR;
- the personal data has been processed unlawfully;
- the deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which you are subject;
- the personal data was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
We are obliged to delete the data on submission of the requirements, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
- Right to restriction of processing, Art. 17 GDPR
You have the right to demand that we restrict processing in this regard
- you dispute the correctness of the personal data, but only for the period that enables us to check the correctness of the data;
- the processing is unlawful and you do not want your personal data to be deleted straight away, but instead request that the use of the personal data be restricted;
- we no longer need the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
- You have lodged an objection to the processing in accordance with Article 21 (1) GDPR, as long as it has not yet been determined whether the legitimate reasons on our part outweigh you.
Insofar as processing is restricted, we may only store your personal data with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.
You will be informed again before the restriction is lifted.
- Right to data portability Art. 20 GDPR
You have the right to receive the personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another person responsible.
- Right of objection Art. 21 GDPR
According to Art. 21 GDPR, you have the right to object to the processing of your personal data if these are processed on the basis of a legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR. However, this only applies if there are reasons that arise from your particular situation or the objection is directed against direct mail.
- Right of withdrawal Art. 7 Para. 3 GDPR
You have the right to revoke your consent given to us in accordance with Article 6 Paragraph 1 Sentence 1 Letter a GDPR at any time. This revocation is only valid for future use.
- Right to complain to supervisory authorities
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work or our company headquarters, if you are of the opinion that the processing of your personal data violates the General Data Protection Regulation.
If you would like to make use of your rights as a data subject, you can also submit this by email to the above email address.
- Data security
For security reasons and to protect the transmission of confidential content, such as inquiries that you send to us as the website operator, this site uses SSL or TLS encryption. You can recognize this by the fact that the address line of the browser changes from "http: //" to "https: //". A lock symbol can also be seen in the browser line.
If the SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.
In addition, we have taken precautions in the form of technical and organizational measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or against unauthorized access by third parties.
- Up-to-dateness and changes to this data protection declaration
This data protection declaration is currently valid and has the status April 6, 2021 .
In order to ensure that our data protection declaration always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection declaration has to be adapted due to new or revised services, for example new services. The new data protection declaration will then apply on your next visit to our offer.
You can view and print out our data protection declaration on our website at any time.
- Complaints and warnings
If you feel that your rights have been violated or otherwise disadvantaged, we ask you to inform us of this yourself. You will then receive a personal, individual answer. As part of your duty to mitigate damage, we would like to point out that we will not assume the costs of a lawyer commissioned by you out of court without prior contact. There is expressly no will on our part for you to instruct a lawyer to cease and desist and / or to submit a declaration of cease and desist subject to penalties. A presumed will can therefore not be used.
This data protection declaration was created by lawyer Martin Jedwillat: www.advomare.de