Privacy Policy

1. Privacy Overview

General Information

The following notes provide a simple overview of what happens with your personal data when you visit this website. Personal data is any information that can personally identify you. Detailed information on the subject of privacy can be found in our privacy policy listed below this text.

Data Collection on this Website

Who is responsible for the data collection on this website?

The data processing on this website is carried out by the website operator. You can find the contact details of the operator in the section "Note on the Responsible Party" in this privacy policy.

How do we collect your data?

Your data is collected in one way when you provide it to us. This may include data you enter in a contact form, for example.

Other data is automatically collected by our IT systems when you visit the website or after your consent. These are mainly technical data (e.g., internet browser, operating system, or the time of page access). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure a smooth operation of the website. Other data can be used to analyze your user behavior. If contracts are made or initiated via the website, the transmitted data will also be processed for contract offers, orders, or other requests.

What rights do you have regarding your data?

You have the right to receive free information about the origin, recipient, and purpose of your stored personal data at any time. You also have the right to request the correction or deletion of this data. If you have consented to the data processing, you can withdraw this consent at any time for the future. You also have the right to request the restriction of processing your personal data under certain circumstances. Furthermore, you have the right to file a complaint with the relevant supervisory authority.

For this, as well as for other questions regarding privacy, you can contact us at any time.

2. Hosting

We host the content of our website with the following provider:

Squarespace

The provider is Squarespace Ireland Ltd., Le Pole House, Ship Street Great, Dublin 8, Ireland (hereinafter Squarespace).

Squarespace is a tool for creating and hosting websites. When you visit our website, your data is processed on Squarespace's servers. This may also involve the transmission of personal data to Squarespace's parent company, Squarespace Inc., 8 Clarkson St, New York, NY 10014, USA. Squarespace also stores cookies that are required for the page display and to ensure security (necessary cookies).

The use of Squarespace is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in presenting our website as reliably as possible. If consent has been requested, processing is done exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG, as long as the consent includes the storage of cookies or access to information on the user's end device (e.g., device fingerprinting) in the sense of the TTDSG. The consent can be revoked at any time.

Data transmission to the USA is based on the EU Commission's standard contractual clauses. More details can be found here: https://support.squarespace.com/hc/de/articles/360000851908-DSGVO-und-Squarespace.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA to ensure that European privacy standards are upheld when processing data in the USA. Each company certified under the DPF agrees to comply with these privacy standards. Further information can be found from the provider here: https://www.dataprivacyframework.gov/participant/4774.

3. General Information and Mandatory Information on Data Protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with legal data protection regulations as well as this privacy policy.

When you use this website, various personal data will be collected. Personal data is data that can be used to personally identify you. This privacy policy explains which data we collect and how we use it. It also explains how and for what purpose this is done.

We point out that data transmission over the internet (e.g., via email communication) may have security vulnerabilities. A complete protection of data from access by third parties is not possible.

Note on the Responsible Party

The responsible party for data processing on this website is:

Steven Schenkelberger
Wiesenstraße 138
42105 Wuppertal
Germany

Phone: +49 152 26053627
Email: info@roots-of-hatha.com

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g., names, email addresses, etc.).

Storage Duration

Unless a more specific storage duration is mentioned in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you submit a legitimate deletion request or withdraw your consent to data processing, your data will be deleted, provided we do not have any other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, deletion will take place after the reasons cease to apply.

General Information on the Legal Basis for Data Processing on this Website

If you have given consent to data processing, we process your personal data based on Art. 6 (1) lit. a GDPR or Art. 9 (2) lit. a GDPR if special categories of data are processed under Art. 9 (1) GDPR. In the case of explicit consent for the transfer of personal data to third countries, data processing also occurs based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g., via device fingerprinting), data processing also occurs based on § 25 (1) TTDSG. Consent can be revoked at any time.

If your data is necessary for the fulfillment of a contract or the performance of pre-contractual measures, we process your data based on Art. 6 (1) lit. b GDPR. We also process your data if it is necessary to fulfill a legal obligation based on Art. 6 (1) lit. c GDPR. Data processing may also be based on our legitimate interest under Art. 6 (1) lit. f GDPR. Further details on the relevant legal bases for processing are provided in the following sections of this privacy policy.

Recipients of Personal Data

As part of our business activities, we work with various external parties. In some cases, the transfer of personal data to these external parties is necessary. We only pass on personal data to external parties if this is required for the fulfillment of a contract, if we are legally obligated to do so (e.g., forwarding data to tax authorities), if we have a legitimate interest under Art. 6 (1) lit. f GDPR, or if another legal basis allows data transmission. When using processors, we only share personal data with processors based on a valid data processing agreement. In the case of joint processing, a joint processing agreement will be concluded.

Revocation of Your Consent to Data Processing

Many data processing operations are only possible with your explicit consent. You can revoke any consent you have already given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to Object to Data Collection in Special Cases and to Direct Marketing (Art. 21 GDPR)

IF THE DATA PROCESSING IS BASED ON ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RELEVANT LEGAL BASIS ON WHICH THE PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS, AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS (OBJECTION UNDER ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH MARKETING AT ANY TIME; THIS ALSO APPLIES TO PROFILING, TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR DIRECT MARKETING PURPOSES (OBJECTION UNDER ART. 21 (2) GDPR).

Right to Complain to the Relevant Supervisory Authority

In the event of violations of the GDPR, affected individuals have the right to file a complaint with a supervisory authority, particularly in the member state of their habitual residence, place of work, or place of the alleged infringement. The right to complain does not affect other administrative or judicial remedies.

Right to Data Portability

You have the right to receive data that we process automatically based on your consent or in the fulfillment of a contract in a structured, commonly used, and machine-readable format. You can request that this data be transmitted directly to another responsible party, where technically feasible.

Information, Correction, and Deletion

You have the right to request information at any time about your stored personal data, its origin, recipients, and the purpose of processing, as well as the right to correction or deletion of this data. For this purpose, and for other questions regarding personal data, you can contact us at any time.

Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this. The right to restriction of processing exists in the following cases:

If you dispute the accuracy of your personal data stored with us, we usually need time to verify it. During this verification period, you have the right to request the restriction of the processing of your personal data.
If the processing of your personal data was or is unlawful, you can request the restriction of data processing instead of its deletion.
If we no longer need your personal data, but you need it for the establishment, exercise, or defense of legal claims, you have the right to request the restriction of the processing of your personal data instead of its deletion.
If you have filed an objection according to Art. 21 (1) GDPR, a balancing of interests must be conducted between your and our interests. As long as it is not clear whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have requested the restriction of processing your personal data, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

SSL/TLS Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock symbol in your browser's address bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data Collection on this Website

Cookies

Our website uses so-called "cookies". Cookies are small data packages that do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit ends. Permanent cookies remain on your device until you delete them or an automatic deletion occurs via your web browser.

Cookies may come from us (first-party cookies) or from third-party providers (so-called third-party cookies). Third-party cookies enable the integration of certain services from third parties within the website (e.g., cookies for payment processing services).

Cookies serve various purposes. Many cookies are technically necessary because certain website features would not function without them (e.g., shopping cart functionality or video display). Other cookies may be used for analyzing user behavior or for advertising purposes.

Cookies required for the execution of electronic communication transactions, to provide certain features you request (e.g., for the shopping cart function), or to optimize the website (e.g., cookies for measuring web audience) are stored based on Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the technical and error-free functioning of its services. If consent has been requested for the storage of cookies and similar recognition technologies, processing will be based solely on this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG); consent can be revoked at any time.

You can configure your browser to inform you when cookies are set and allow cookies only in specific cases, or exclude the acceptance of cookies in general, as well as enable the automatic deletion of cookies when closing the browser. Disabling cookies may limit the functionality of this website.

Which cookies and services are used on this website can be found in this privacy policy.

Contact Form

If you send us inquiries via contact form, the information you provide in the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in case of follow-up questions. We will not share this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, as long as your inquiry is related to the fulfillment of a contract or is necessary for the performance of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective handling of the inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR), if such consent has been requested; consent can be revoked at any time.

The data you enter in the contact form will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after completing the processing of your inquiry). Mandatory statutory provisions – especially retention periods – remain unaffected.

Inquiries via Email, Phone, or Fax

If you contact us via email, phone, or fax, your inquiry, including all personal data derived from it (e.g., name, inquiry), will be stored and processed by us for the purpose of handling your request. We will not share this data without your consent.

The data you send us via contact inquiries will remain with us until you request its deletion, revoke your consent for storage, or the purpose for data storage no longer applies (e.g., after completing the handling of your request). Mandatory statutory provisions – especially statutory retention periods – remain unaffected.

5. Social Media:

Facebook

This website integrates elements from the social network Facebook. The service provider is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the collected data is also transferred to the USA and other third countries.

An overview of the Facebook social media elements can be found here: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and the Facebook server. As a result, Facebook receives the information that you visited this website with your IP address. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the website provider, we have no knowledge of the content of the data transmitted and how Facebook uses this data. Further information can be found in Facebook's privacy policy: https://de-de.facebook.com/privacy/explanation. The use of this service is based on your consent according to Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. The consent can be withdrawn at any time.

If personal data is collected on our website using this tool and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook. The subsequent processing by Facebook is not part of the joint responsibility. Our mutual obligations are documented in a joint processing agreement. You can find the wording of the agreement here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Data subjects' rights (e.g., requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://de-de.facebook.com/help/566994660333381, and https://www.facebook.com/policy.php.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards when processing data in the USA. Any company certified under the DPF commits to complying with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/4452.

Instagram

This website incorporates functions from the service Instagram. These features are provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When the social media element is active, a direct connection is established between your device and the Instagram server. Instagram receives information about your visit to this website.

If you are logged into your Instagram account, you can link the content of this website to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the website provider, we have no knowledge of the content of the data transmitted and how Instagram uses this data.

The use of this service is based on your consent according to Art. 6 (1) lit. a GDPR and § 25 (1) TTDSG. The consent can be withdrawn at any time.

If personal data is collected on our website using this tool and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). Joint responsibility is limited exclusively to the collection of data and its transfer to Facebook or Instagram. The subsequent processing by Facebook or Instagram is not part of the joint responsibility. Our mutual obligations are documented in a joint processing agreement. You can find the wording of the agreement here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook and Instagram products. Data subjects' rights (e.g., requests for information) regarding data processed by Facebook or Instagram can be asserted directly with Facebook. If you assert data subject rights with us, we are obliged to forward them to Facebook.

The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/, and https://de-de.facebook.com/help/566994660333381.

Further information can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy/.

6. Newsletter

Newsletter Data

If you wish to subscribe to the newsletter offered on the website, we need an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and that you consent to receiving the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not share it with third parties.

The processing of the data entered into the newsletter registration form is solely based on your consent (Art. 6 (1) lit. a GDPR). The consent to store the data, the email address, and to use it for sending the newsletter can be revoked at any time, for example, via the "unsubscribe" link in the newsletter. The legality of data processing that has already taken place remains unaffected by the revocation.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter, either with us or with the newsletter service provider, and will be deleted after the unsubscription or once the purpose of storing the data no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion in the context of our legitimate interest according to Art. 6 (1) lit. f GDPR.

Data stored for other purposes remains unaffected by this.

After unsubscribing from the newsletter distribution list, your email address may be stored with us or the newsletter service provider in a blacklist, if this is necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest according to Art. 6 (1) lit. f GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

7. Plugins and Tools

YouTube with Extended Privacy Mode

This website integrates videos from the YouTube website. The operator of this service is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of these pages with YouTube embedded, a connection to YouTube's servers is established. In doing so, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, YouTube can directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

We use YouTube in extended privacy mode. According to YouTube, videos played in extended privacy mode are not used for personalizing YouTube browsing. Ads displayed in extended privacy mode are also not personalized. In this mode, no cookies are set. Instead, local storage elements are saved in the user’s browser, which can store personal data and be used for recognition, similar to cookies. More details on the extended privacy mode can be found here:

Google Support – YouTube Extended Privacy.

If a YouTube video is activated, further data processing may be triggered, over which we have no control.

The use of YouTube is in the interest of presenting our online offerings in an engaging way. This constitutes a legitimate interest under Art. 6(1)(f) of the GDPR. If consent is requested, processing is done based on Art. 6(1)(a) of the GDPR and § 25(1) TDDDG, where the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as per TDDDG. Consent can be revoked at any time.

Further information about privacy on YouTube can be found in their privacy policy at: YouTube Privacy Policy.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA designed to ensure that European data protection standards are adhered to in data processing in the USA. Each company certified under the DPF commits to complying with these data protection standards. More information is available from the provider here: DPF Certification.

Google Maps

This site uses the Google Maps service. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. This service allows us to embed map content on our website.

To use the features of Google Maps, it is necessary to store your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transmission. When Google Maps is enabled, Google may use Google Fonts to ensure uniform font presentation. When you visit Google Maps, your browser loads the necessary web fonts into its cache to display texts and fonts correctly.

The use of Google Maps is in the interest of presenting our online offerings attractively and making the locations we specify on the website easy to find. This constitutes a legitimate interest under Art. 6(1)(f) of the GDPR. If consent is requested, processing is done based on Art. 6(1)(a) of the GDPR and § 25(1) TDDDG, where the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as per TDDDG. Consent can be revoked at any time.

The data transmission to the USA is based on the Standard Contractual Clauses of the EU Commission. Details can be found here: Google Privacy and Google SCCs.

More information on how Google handles user data can be found in Google's privacy policy: Google Privacy Policy.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

reCAPTCHA is used to verify whether the data entry on this website (e.g., in a contact form) is done by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various features. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g., IP address, duration of the website visit, or mouse movements made by the user). The data collected during the analysis is sent to Google.

The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.

The storage and analysis of the data are based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in protecting its web offerings from abusive automated scraping and spam. If consent is requested, processing is done based on Art. 6(1)(a) of the GDPR and § 25(1) TDDDG, where the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as per TDDDG. Consent can be revoked at any time.

Further information about Google reCAPTCHA can be found in Google's privacy policy and terms of use at: Google Privacy and Google Terms.

8. Own Services

Google Drive

We have integrated Google Drive on this website. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Drive allows us to include an upload area on our website where you can upload content. When you upload content, it is stored on Google Drive’s servers. When you visit our website, a connection is established to Google Drive so that Google Drive can detect that you have visited our website.

The use of Google Drive is based on Art. 6(1)(f) of the GDPR. The website operator has a legitimate interest in providing a reliable upload area on the website. If consent is requested, processing is done based on Art. 6(1)(a) of the GDPR; consent can be revoked at any time.

The company is certified under the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the United States that aims to ensure compliance with European data protection standards for data processing in the United States. Any company certified under the DPF is committed to adhering to these data protection standards. For more information, you can visit the provider's website at the following link: https://www.dataprivacyframework.gov/participant/5780.

Source:
https://www.e-recht24.de

Chat on Whatsapp

Steven Schenkelberger

info@roots-of-hatha.com

Privacy Policy

Imprint

Data protection

Cancellation policy