Customer Privacy Notice
In this customer privacy notice, we provide comprehensive information about how we handle personal data and inform you about your rights.
1. Name and contact details of the responsible entity for data processing and of the data protection officer
This data privacy information applies to data processing by:
LaVita GmbH (hereinafter referred to as LaVita)
Ziegelfeldstraße 10, 84036 Kumhausen, Germany
Telephone: +49 871/972 170
Fax: +49 871/972 1717
The data protection officer of LaVita can be reached at the above address, attn: Data Protection Department, or at email@example.com.
2. Collection and storage of personal data, as well as the nature and purpose of its use
a) When visiting the website
When you visit our website www.lavita.com the browser on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without any action on your part and stored until it is automatically deleted:
- IP address of the computer making the request,
- Date and time of access,
- Name and URL of the accessed file,
- Website from which access is made (referrer URL),
- The browser used and, where applicable, the operating system of your computer and your screen resolution.
The above-mentioned data will be processed by us for the following purposes:
- To ensure a smooth connection to the website,
- To ensure a comfortable use of our website,
- To analyse system security and stability and
- for other administrative purposes.
The legal basis for the processing of data is Article 6(1)(1)(f) of the GDPR. Our legitimate interest is based on the purposes for data collection listed above. We do not use the collected data to identify you personally.
b) When you place an order in our online shop as a guest
When you order products from our website as a guest, we collect the following information:
- Title, first name, last name,
- A valid email address,
- Payment details depending on the payment method you have selected (such as bank details or Paypal account data).
This data is collected for the following purposes:
- To identify you as our contractual partner;
- To verify the plausibility of the entered data;
- For the payment processing of your order;
- To handle any existing warranty claims and to assert any claims against you.
The data processing is carried out following your query and is necessary according to Article 6(1)(1)(b) of the GDPR for the purposes mentioned for the fulfilment of the contract and pre-contractual measures.
To ensure the smooth and easy processing of your order and for faster processing of queries, you may also provide additional information:
- Your phone number and
- an alternative delivery address.
The provision of this data is voluntary.
The personal data collected by us for the order will be stored until the expiry of the statutory warranty obligation and will then be automatically deleted unless, according to Article 6(1)(1)(c) of the GDPR, we are obliged to store it for a longer period due to tax and commercial law storage and documentation obligations (as per HGB (German Commercial Code), StGB (German Criminal Code) or AO (German Tax Code) or you have consented to storage beyond this period in accordance with Article 6(1)(1)(a) of the GDPR.
c) When you set up a user account
You have the option to set up a password-protected user account with us, in which we store your personal data. This serves the purpose of providing you with the greatest possible convenience in processing your orders by enabling a simpler, faster and more personalised purchasing experience.
If you wish to set up a password-protected user account with us, we require the following information from you:
- Title, first name, last name,
- address and
- a valid email address.
To create a user account, you must provide a password of your own choice. Along with your email address, the password gives you access your user account. In your user account, you can view and change the data stored about you at any time.
We only store your personal data in a user account if you have voluntarily given us your consent according to Article 6(1)(1)(a) of the GDPR.
You do not need a user account to use our website or to place orders with us. We offer you the option to place an order as a guest (see Section 2. b). However, in this case you will have to re-enter your data every time you place an order.
Once your user account is deleted, the data collected by us will be automatically deleted unless, according to Article 6(1)(1)(c) of the GDPR, we are obliged to store it for a longer period due to tax and commercial law storage and documentation obligations (as per HGB (German Commercial Code), StGB (German Criminal Code) or AO (German Tax Code) or you have consented to storage beyond this period in accordance with Article 6(1)(1)(a) of the GDPR.
d) When you sign up for our newsletter
Provided you gave your express consent in accordance with Article 6(1)(1)(a) of the GDPR, we use your email address to regularly send you our newsletter. To receive the newsletter, all you need to do is provide your email address in the newsletter form
In certain circumstances we may also use your email address to send you information about similar products from our company, provided you are an existing customer and have not objected to the use of your email address for this purpose.
In both cases you can unsubscribe at any time, for example, by clicking the link at the end of the newsletter. Alternatively, you are welcome to email your request to unsubscribe at any time via firstname.lastname@example.org.
If we send you email newsletters, these newsletters contain elements that respond to the reading or confirmation of links within the newsletter and are associated with an individual technical identifier. We use this information for the statistical evaluation of feedback obtained from the use of the newsletter in order to improve the newsletter service for you. We use the services of Bloomreach/Exponea for newsletter campaign automation (cf. 5. a) V.).
e) When using our contact form
If you have any questions, you can contact us by using the contact form provided on the website. You will need to provide us with a valid email address so that we know who is asking the question and to allow us to reply. Additional information can be provided voluntarily.
Data processing for the purpose of establishing contact with us is based on Article 6(1)(1)(a) of the GDPR on the basis of your voluntarily granted consent.
The personal data we collect when you use the contact form is automatically deleted once we have dealt with your inquiry.
f) When submitting an application via the online form
You can use the online application form to send us an unsolicited application. As part of the application process, the following personal data will be collected from you and stored:
- First and last name
- Email address
- Job title
- Start date
- Salary expectations
- Attachments (such as covering letter, photo, certificates)
You also have the option to voluntarily provide us with your phone number and a text for further information.
The data processing is carried out on your request and only to the extent that it is necessary for responding to the application and establishing the employment relationship in accordance with Article 88(1) of the GDPR in conjunction with Section 26(1) of the BDSG (data protection act), or to protect our legitimate interests in accordance with Article 6(1)(1)(f) of the GDPR.
The data is processed for the purpose of applying for employment. Personal data is regularly deleted 6 months after the application process has ended, unless you have consented to longer storage in accordance with Article 6(1)(1)(a) of the GDPR.
3. Data transfer
Your data is not passed on to third parties for any purposes other than those listed below.
a) For contract execution
In as far this is legally permissible and required in accordance with Article 6(1)(1)(b) of the GDPR for the processing of contractual relationships, your personal data is passed on to third parties. This includes, in particular, the transfer to shipping companies for the purpose of delivering the goods you ordered and the transfer of payment data to payment service providers or banks to facilitate the payment transaction. The data shared with third parties may only be used by these for the specified purposes.
b) For billing purposes
Based on our legitimate interests pursuant to Article 6(1)(1)(f) of the GDPR we may also transfer your data to our partners. The transfer of your data to our partners is necessary for general billing purposes. This economic interest is to be regarded as a legitimate interest within the meaning of Article 6(1)(1)(f) of the GDPR.
c) For other purposes
In addition to the above, we only transfer your personal data to third parties in the following cases:
- You have given express consent in accordance with Article 6(1)(1)(a) of the GDPR;
- the transfer of data in accordance with Article 6(1)(1)(f) of the GDPR is required for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in your data not being passed on, and
- in in the event of there being a legal obligation to transfer the data in accordance with Article 6(1)(1)(c) of the GDPR.
The cookie stores information related to the specific device you use. However, this does not mean that we can directly infer your identity from this.
We also use temporary cookies that are stored on your device for a specified period of time to improve user-friendliness. When you visit our website again to use our services, it is automatically recognised that you have already visited our website and what entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties in accordance with Article 6(1)(1)(f) of the GDPR. Most browsers automatically accept cookies. However, you can configure your browser such that no cookies are stored on your computer or a message appears before a new cookie is created. Completely disabling cookies, however, may mean that you cannot use all of the features of our website.
You can manage your cookie settings in the footer.
5. Analysis tools
a) Tracking tools
The tracking measures listed below and used by us are carried out based on Article 6(1)(1)(f) of the GDPR. With these tracking measures we want to ensure that our website is designed to meet requirements and is continually improved. Furthermore, we use the tracking measures to statistically analyse the use of our website and to evaluate it for you for the purpose of optimising our services. These interests are deemed legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the relevant tracking tools.
I.) Google Analytics
We use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as 'Google') to design our web pages in line with needs and to continuously improve them. In this context, pseudonymised user profiles are created and cookies (see Section 4) are used. The information generated by the cookie about your use of this website, such as
- browser type/version,
- operating system used,
- referrer URL (the page previously visited),
- host name of the accessing computer (IP address),
- time of server request,
is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and the needs-based design of these internet pages. This information may be passed on to third parties insofar as the law requires this or if third parties process the data on another party’s behalf. Under no circumstances will your IP address be associated with other data stored by Google. The IP addresses are anonymised, which means that it is not possible to identify specific individuals (IP masking).
You can prevent the installation of the cookies by selecting the appropriate settings in your browser; please note, however, that in this case it is possible that you will not be able to use all the features of this website.
You can additionally prevent the collection of data generated by the cookie and associated with your use of the website (including your IP address), its transmission to and its processing by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on this link. This sets an opt-out cookie, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid for this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you have to set the opt-out cookie again.
For more information on data protection in connection with Google Analytics, please consult the Google Analytics help centre.
II.) Google AdWords Conversion Tracking
To statistically capture the use of our website and to evaluate it for the purpose of optimising our offer for you, we also use Google Conversion Tracking. Google AdWords then sets a cookie (see Section 4) on your computer if you have accessed our website via a Google ad.
These cookies expire after 30 days and do not personally identify a user. If the user visits certain pages of the website of the AdWords customer and the cookie has not yet expired, then Google and the customer can see that the user clicked on the ad and was redirected to this page.
Every AdWords customers receives a different cookie. This means that cookies cannot be tracked through the websites of other AdWords customers. The information collected by conversion cookies only serves to generate conversion statistics for AdWords customers who have decided to use conversion tracking. Customers find out the total number of users who have clicked on their ads and who have been redirected to a page with a conversion tracking tag. They do not, however, receive any information that could be used to identify users personally.
If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain 'www.googleadservices.com'. You can find Google's data protection information about conversion tracking here.
III.) Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags through an interface (thereby integrating Google Analytics and other Google marketing services into our online offer). The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users' personal data, please see the information about Google services below. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
IV.) Bing Ads
We use Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service provided by the Microsoft Corporation ('Microsoft'). It allows us to track the activity of users on our website when they come to our website via ads from Bing Ads.
If you come to our website via a Bing Ads ad, a cookie (see Section 4) is set on your computer. A Bing UET tag is integrated on our website. The Bing UET tag is a code through which, in connection with the cookie, some non-personal data about the use of the website is stored. This includes the length of time spent on the website, which areas of the website were visited, and which ad the users used to reach the website. Information about your identity is not collected.
This information is transferred to Microsoft servers in the USA and stored there for no more than 180 days.
For more information about Bing's analytics services, please visit the Bing website.
You can find more information about data protection at Microsoft in the data protection regulations of Microsoft.
For interest-based marketing purposes, retargeting, the optimisation of our web offerings, the analysis of your surfing behaviour and for marketing campaign automation, this website uses the services of Exponea DE GmbH, Kemperplatz 1, Mitte D, 10785 Berlin.
Exponea uses the following cookies to collect information about the use of our website: https://docs.exponea.com/docs/cookies-storage.
The data collected by the cookies contain the following information: IP address, login information, time zone setting, operating system and platform, information about visits including URL, search terms, information about what you searched for or viewed on our site, website response time, download errors, duration of visits to specific pages, information about website interaction (such as scrolling, clicks and mouse-overs) and how pages were exited, user activity, web page browsing.
Exponea processes additional data (your last name, first name, gender, email address) only if you have subscribed to our email newsletter. In this case we create a user profile with the collected data in order to provide you with a newsletter that is tailored to your interests.
The legal basis for the processing of data by Exponea is Article 6(1)(1)(f) of the GDPR. We enable you to manage your participation in data collection. Click here for a full opt-out from data collection by https://www.lavita.com/opt-out-exponea/
For more information about Exponea's services, go to https://exponea.com/de/capabilities/.
For more information about data protection at Exponea, go to https://exponea.com/de/privacy-policy/.
OpenReplay is an open source session replay software that we use to analyse how users use our platform. OpenReplay provides us with records that enable us to track activities on the platform in the event of a problem (bugs), which in turn allows us to fix them. OpenReplay is configured in such a way that all entered data is anonymised and obscured for recording. This process of anonymisation means that only the course of action of the user and the occurrence of bugs are recorded and documented. Any personal data will be automatically anonymised and obscured. Furthermore, OpenReplay does not store any personal data.
VII.) Piwik PRO
b) Targeting and remarketing tools
The targeting measures listed below and used by us are carried out based on Article 6(1)(1)(f) of the GDPR. We use targeting measures to ensure that only advertisements aligned with your actual or assumed interests are displayed on your devices. These interests are deemed legitimate within the meaning of the aforementioned provision.
We also use remarketing on our website. This is a method through which we aim to re-engage with you. Through this application, after visiting our website, our advertisements can be displayed to you during your internet use after visiting our website This is done by means of cookies stored in your browser, which are used to record and analyse your usage behaviour when visiting various websites via tracking partners. This allows tracking partners to know that you have visited our website. The data collected during remarketing is not combined with your personal data stored by the tracking partners. In particular, tracking partners use pseudonymisation in their remarketing.
The respective data processing purposes and data categories can be found in the relevant targeting tools.
I.) Google Adwords Remarketing
We would like to point out, however, that you may not be able all to use all features of this website in that case. By using this website you agree to the processing of the data collected about you by Google in the manner and for the purpose outlined above. You can find more information about Google's policies here.
II.) Facebook Retargeting / Remarketing
Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA ('Facebook') are integrated on our web pages. When you visit our website, a direct connection between your browser and the Facebook server is established by means of the remarketing tags. This enables Facebook to receive the information that you have visited our website from your IP address. This allows Facebook to associate the visit to our website with your user account. We can use the information obtained in this way to display Facebook ads.
We must point out that, as operators of this website, we have no knowledge of the content of the data transmitted to Facebook and how Facebook uses this data.
You can find more information in the data protection declaration of Facebook.
III.) Facebook Custom Audiences
source and target page. This information is transferred to Facebook servers in the USA. There, it is automatically checked whether you have saved a Facebook cookie. The Facebook cookie is used to automatically determine whether you are part of the target group that is relevant for us. If you are, you will be shown relevant ads from us on Facebook. During this process you are not personally identified by either us or Facebook through data comparison.
You can object to the use of the Custom Audiences service using this link.
We use the TikTok pixel on our website. The TikTok pixel is a TikTok advertiser tool provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (collectively 'TikTok').
6. Social media plug-ins
On our website, based on Article 6(1)(1)(f) of the GDPR, we use social plug-ins of the social networks Facebook, Twitter and Instagram to raise awareness of our company that way. The underlying advertising purpose is deemed a legitimate interest within the meaning of the GDPR. The responsibility for operation in compliance with data protection regulations lies with the respective provider. The integration of these plug-ins is based on the so-called two-click process in order to protect visitors to our website as much as possible.
On our platform we use social-media plug-ins of Facebook to make its use more personalised. To do this, we use the 'LIKE' or 'SHARE' button. This is a service by Facebook.
If you access a page on our website that contains such a plug-in, your browser establishes a direct connection with the servers of Facebook. The content of the plug-in is directly transmitted to your browser by Facebook and the browser integrates it into the website.
The integration of the plug-in means that Facebook receives the information that your browser has accessed the relevant page on our website even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is directly transmitted by your browser to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook is able to directly associate the visit to our website with your Facebook account. If you interact with the plug-ins, such as by using the 'LIKE' or 'SHARE' button, the relevant information is also transmitted directly to a Facebook server and stored there. In addition, the information is posted on Facebook and can be seen by your Facebook friends.
Facebook can use this information for the purposes of advertising, market research and the needs-based design of Facebook pages. To do this, Facebook creates usage, interest and relationship profiles to evaluate your use of our website with regard to the adverts shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to Facebook use.
If you do not want Facebook to associate the data collected via our website with your Facebook account, then you must log out of Facebook before visiting our website.
Please see the Facebook data protection policy for information on the purpose and scope of data collection and its further processing and use of data by Facebook, as well as your applicable rights and settings options for protecting your privacy.
Our website also uses so-called social plug-ins ('plug-ins') from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ('Instagram').
These plug-ins are marked with an Instagram logo, for example the 'Instagram camera'.
If you access a page on our website that contains such a plug-in, your browser establishes a direct connection with the servers of Instagram. The content of the plug-in is directly transmitted to your browser by Instagram and the browser integrates it into the website. The integration of the plug-in means that Instagram receives the information that your browser has accessed the relevant page on our website even if you do not have an Instagram account or are not currently logged into Instagram.
This information (including your IP address) is directly transmitted by your browser to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram is able to directly associate the visit to our website with your Instagram account. If you interact with the plug-ins, such as by using the 'Instagram' button, this information is also transmitted directly to an Instagram server and stored there.
The information will also be published on your Instagram account and shown to your contacts there.
If you do not wish Instagram to associate the data collected via our website with your Instagram account, then you must log out of Instagram before visiting our website.
For more information, see the data protection declaration of Instagram.
7. Trusted Shops
On our website and for orders in our online shop, we use the buyer protection system of Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, ('Trusted Shops'), to enable customers to purchase our products securely in the online shop.
When placing orders in our online shop you have the option to use the buyer protection of Trusted Shops and also to leave a review in the Trusted Shops review system. This is done voluntarily.
If you have given us your consent during or after your order in accordance with Article 6(1)(1)(a) of the GDPR by activating the corresponding checkbox or clicking a button provided for this purpose ('Review later'), we will forward your email address to Trusted Shops for the processing of your orders in our online shop.
This consent can be revoked at any time by sending a message to the contact option below or directly to Trusted Shops.
For more information, see the data protection declaration of Trusted Shops.
8. Data subject rights
You have the right:
- in accordance with Article 15 of the GDPR to request information from us about your personal data processed by us. In particular, you can request information about processing purposes, the category of personal data, the categories of recipients to whom your data was or is being disclosed, the planned storage duration, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal, the data source if this was not collected by us, as well as about the existence of automated decision-making including profiling and, where applicable, relevant detailed information;
- in accordance with Article 16 of the GDPR, you can request that incorrect or incomplete personal data stored by us is corrected or completed immediately;
- in accordance with Article 17 of the GDPR, you can request the deletion of your personal data stored by us, provided that its processing is not required to exercise the right to freedom of expression and information, to meet a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- in accordance with Article 18 of the GDPR, you can request the processing of your personal data to be restricted, provided you contest the accuracy of the data, its processing is unlawful, but you decline its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to its processing in accordance with Article 21 of the GDPR;
- in accordance with Article 20 of the GDPR, you can request to receive the personal data you have provided us with in a structured, common and machine-readable format or request its transmission to another responsible entity;
- in accordance with Article 7(3) of the GDPR, you may revoke your consent at any time. This means that we cannot continue processing your data based on this consent in the future and
- in accordance with Article 77 of the GDPR there exists a right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence or place of work or of our registered office.
9. Right of objection
If your personal data is processed based on legitimate interests in accordance with Article 6(1)(1)(1)(f) of the GDPR, you have the right, in accordance with Article 21 of the GDPR, to object to the processing of your personal data, provided there are reasons that arise from your special situation or the objection is directed against direct advertising. In the latter case you have a general right of objection that we implement without you having to provide information about a special situation. If you would like to exercise your right of revocation or right of objection, all you need to do is send an email to email@example.com.
10. Data security
When you place an order we use the standard SSL method (Secure Socket Layer) in conjunction with the highest encryption setting supported by your browser in each case. As a rule, this is 256-bit encryption technology. If your browser does not support 256-bit technology, we use 128-bit v3 encryption instead. The closed key or lock icon in the lower task bar of your browser indicates whether the specific website page is transmitted in an encrypted form.
Moreover, we also use suitable technical and organisational security measures to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction and from unauthorised access by third parties. Our security measures are revised continuously in line with technological development.
11. Updating and making changes to this data protection declaration
This data protection declaration is currently valid and was last updated in February 2023. Because of the development of our website and its offerings or because of changed legal or regulatory requirements, it may become necessary to change this data protection declaration.
You can access and print out the most recent version of the data protection declaration at any time on our website at https://www.lavita.com/privacy.