1. Name and contact information of the controller and company data protection officer
This data protection notice applies to data processing by:
Controller: Maharishi Ayurveda Europe B.V.
Veldweg 33, 6075 NL Herkenbosch (The Netherlands)
Phone: +31 475 529111
Fax: +31 475 404055
Due to the size of the enterprise, appointing a company data protection officer is not required. The contact person for privacy issues is the controller’s management at the above-mentioned address.
2. Collecting and storing personal data as well as the nature and purpose of its use
a) When visiting the website
When you visit our website www.ayurveda.eu, the browser on your device automatically sends information to our website’s server. This information is temporarily stored in a so-called log file. The following information is gathered without any action on your part and stored until it is automatically deleted:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the files retrieved
- Website from which access is gained (referrer URL)
- Browser used and, if applicable, the operating system of your computer and the name of your access provider
The above-mentioned data are processed by us for the following purposes:
- Ensuring a smooth connection to our website
- Ensuring comfortable use of our website
- Evaluating system security and stability as well as
- other administrative purposes
The legal basis for data processing is Art. 6 Par. 1 sentence 1 f GDPR. Our legitimate interest follows from the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose to draw conclusions of you personally.
b) When subscribing to our newsletter
If you have expressly given your consent pursuant to Art. 6 Par. 1 sentence 1 a GDPR, we will use your email address to regularly send you our newsletter. Providing your email address is sufficient to receive the newsletter.
Unsubscribing from our newsletter is possible at any time and be can done either at https://www.ayurveda-products.eu/content/service/newsletter/unsubscribe/ or by using the link provided for this purpose in the newsletter.
c) When using our contact form
We give you the option of contacting us using the contact form on our website if you have any inquiries. Providing a valid email address is necessary for this so that we know who the inquiry is from and so that we can answer it. Further information may be provided voluntarily.
Processing of data you provide for the purpose of getting in contact with us is based on your voluntary consent pursuant to Art 6 Par. 1 sentence 1 a GDPR. The personal data collected by us using the contact form will be deleted automatically after your inquiry is processed.
d) Shop functions/Customer account
We collect personal data that you voluntarily provide us in the context of placing an order, contacting us or opening a customer account. Required fields are marked as such because, in these cases, we need the data to fulfil a contract, in order to process your attempt to contact us or to open a customer account. Without this information, the order and/or opening of a customer account cannot be completed and we cannot respond to your attempt to contact us.
The input forms indicate which data is collected. Pursuant to Art. 6 Par. 1 sentence 1 b GDPR (necessary for contract fulfilment), we use the data provided by you for contract processing and to process your inquiries. After complete fulfilment of the contract or deletion of your customer account, further processing of your data will be limited, and your data will be deleted after expiry of the retention periods under tax and commercial law.
3. Transferring data
We do not transfer your personal data to third parties for purposes other than those mentioned below. We transfer your personal data to third parties only for the following reasons:
- If you have expressly provided your consent pursuant to Art. 6 Par. 1 sentence 1 a GDPR
- If disclosure is necessary pursuant to Art. 6 Par. 1 sentence 1 f GDPR to enforce, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
- In the event that there is a legal requirement for disclosure pursuant to Art. 6 Par. 1 sentence 1 c GDPR
- If it is legally permissible and necessary pursuant to Art. 6 Par. 1 sentence 1 b GDPR for fulfilling contractual obligations toward you
Data is transferred to third parties for fulfilment of the purpose of the contract, specifically to the following parties:
- The credit card company or payment service provider for the purpose of charging or collecting the purchase price
- The transport company/shipping company commissioned by us to deliver the merchandise
- The hosting system, shop system or marketplace provider for the technical provision of the shop and sales data
- Our tax consultant for the fulfilment of our tax obligations.
Third parties are contractually or legally bound by us to data secrecy. You are also a contractual partner of the payment service provider and have accepted its terms and conditions and privacy regulations.
4. Routine deletion and storage of personal data
We process and store personal data of a data subject only for the period necessary to achieve the purpose of retention or to the extent provided by the European body issuing Directives and Regulations or another legislature in laws or regulations by which the person responsible for data processing is governed.
When the purpose for storage no longer pertains or if a mandatory retention defined by the body issuing the European Directives and Regulations or another competent legislature expires, personal data are routinely blocked or deleted in accordance with the statutory provisions.
Furthermore, we also use temporary cookies to optimise user-friendliness; these cookies are stored on your device for a specific fixed time period. When you visit our site again to use our services, it will automatically recognise that you have visited in the past and which entries and settings you made then so that you do not have to enter them again.
The data processed by the cookies is necessary for the above-mentioned purposes to protect our legitimate interests and those of third parties pursuant to Art. 6 Par. 1 sentence 1 f GDPR. Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a notice always appears before new cookies are set. Completely disabling cookies may mean that you cannot make full use of all the functions of our website.
6. Analysis Tools
a) Tracking Tools
The tracking measures that we perform and that are listed below are based on Art. 6 para. 1 clause 1 lit. f GDPR. We use tracking measures to ensure a needs-based design and the continuous optimisation of our website. We also use tracking measures to statistically capture the use of our website and to analyse this data to optimise the services we provide for you. These interests are to be considered legitimate within the meaning of the aforementioned regulation.
The respective data processing purposes and data categories can be gathered from the corresponding tracking tools.
i) Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (www.google.com/about/, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) to offer an appropriate design and a continuous optimisation of our web pages. In this context, masked user profiles are generated and cookies (cf. section 4) are used. The information generated by the cookie about your use of this website, such as the
- browser type/version,
- operating system used,
- referrer URL (the web page you visited just prior to visiting our site),
- host name of the accessing computer (IP address),
- time of the server request,
is sent to a Google server in the United States and stored there. The information is used to analyse the website, generate reports about the website activities, and provide other services associated with the use of the website and the Internet for market research purposes and the appropriate of these web pages.
This information may also be transmitted to third parties if this is legally required or if third parties process this data on behalf of Google. Your IP address will never be combined with other Google data. The IP addresses are masked so that allocation is not possible (IP masking).
You may prevent the installation of the cookies by selecting the corresponding setting in the browser software. Please note, however, that in that case you may not be able to make full use of all the functions of this website.
Moreover, you can prevent Google from collecting and using data generated by cookies and related to your use of this website (incl. your IP address) by downloading and installing a browser add-on (tools.google.com/dlpage/gaoptout?hl=en).
As an alternative to the browser add-on, in particular for browsers on mobile terminals, you can also prevent your data from being collected by Google Analytics by clicking on this link. An opt-out cookie will be placed that will prevent the future collection of your data when you visit this website. The opt-out cookie works only in this browser and only for our website. It is stored on your device. If you delete the cookies for this browser, you will have to download the opt-out cookie once again.
For more information about data privacy in connection with Google Analytics, please refer to the Google Analytics help section (support.google.com/analytics/answer/6004245?hl=en).
ii) Google Adwords Conversion Tracking
We also use the Google Conversion Tracking tool to statistically capture and analyse the use of our website and to optimise our website. As part of this process, Google Adwords sets a cookie (cf. section 4) on your computer if you were taken to our website by way of a Google ad.
These cookies become invalid after 30 days and are not used for personal identification purposes. If the user visits certain pages of the Adwords customer’s website and if the cookie has not yet expired, Google and the customer can detect that the user clicked on the ad and was forwarded to this page.
Each Adwords customer is provided with a unique cookie. Therefore, cookies cannot be traced through the websites of Adwords customers. The information obtained with the help of the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers find out how many users clicked on the respective ad and were taken to a web page with a conversion tracking tag. They do not, however, find out any information that would make it possible to identify the user.
iii) Embedding of the Trusted Shops Trustbadge
To display our Trusted Shops seal of approval and some of the ratings we may have received and in order to offer the Trusted Shops products to buyers who have already placed an order, the Trusted Shops trustbadge has been embedded in this website.
Its purpose is to protect, in a balancing of interests, the prevailing legitimate interests in an optimised marketing of our products and services pursuant to Art. 6 para. 1 clause 1 lit. f GDPR. The trustbadge and therefore the advertised services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne.
When the trustbadge is accessed, the web server automatically stores a so-called server log file, which contains, for example, your IP address, the date and time the website was called up, the data volume that was transferred, and the requesting provider (access data) and documents the retrieval of this website. These access data are not analysed and are overwritten at the latest seven days after the end of your website visit.
Additional personal data are transferred to Trusted Shops only if you have agreed to opt for the use of Trusted Shops products after having placed an order or if you have already registered for the use. In this case, the contractual agreement concluded between you and Trusted Shops will apply.
iv) Newsletter tracking:
By subscribing to the newsletter, the user consents to tracking for statistical purposes. This is specifically pointed out during registration. For this purpose, a so-called web beacon (or tracking pixel) is used. When delivering the newsletter, the external server can then capture certain data of the recipient, for example, at what time it is retrieved, the IP address or information about the email program (client) used. The name of the image file is individualised for each email recipient through attaching a distinct ID. In so doing, the email sender remembers which ID belongs to which email address and thus can see when the image is opened which newsletter recipient has just opened the email.
We store and analyse such personal data obtained through the tracking pixels included in the newsletters in order to optimise the mailing of the newsletter and to adapt the content of future newsletters even more to the interests of the recipients. These data are not forwarded to third parties.
Users may prevent such tracking by adjusting their email program settings in such a way that the program does not download any images in an email. If you unsubscribe from the newsletter, we consider that to be a withdrawal of this consent.
7. Social Media Plug-ins
We set links on our website to the social networks listed below on the basis of Art. 6 para. 1 clause 1 lit. f GDPR. The underlying commercial purpose is to be considered a legitimate interest within the meaning of the GDPR. The responsibility for an operation in compliance with data protection regulations is borne by the respective provider. No tracking or other data storage on our part takes place.
Please note that our website contains links to various social media and video platforms. Generally, these sites will know if you access them from our website.
If you have an account with the platforms and are logged in, the visited website cannot publicly store in your profile that you arrived there from our website.
For more information on data protection, please contact the respective providers:
Facebook Ireland Ltd.,
4 Grand Canal Square, Grand Canal Harbour,
Dublin 2, Ireland
One Cumberland Place, Fenian Street,
Dublin 2, D02 AX07 IRELAND
1600 Amphitheatre Parkway,
CA 94043, USA
901 Cherry Ave.,
San Bruno, CA 94066, USA
8. Rights of Data Subjects
You have the right:
- pursuant to Art. 15 GDPR to request information about the personal data concerning you we process. In particular, you may request information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom the personal data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of a right to rectification, erasure, restriction of the processing or to an objection to the processing, the existence of a right to lodge a complaint, the source of your data if it was not collected by us, as well as about the existence of an automated decision-making, including profiling, and, if applicable, meaningful information about its details;
- pursuant to Art. 16 GDPR to request the rectification of inaccurate personal data or the completion of personal data stored by us without undue delay;
- pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us unless the processing of the data is required to exercise the right of freedom of expression and information, to comply with a legal obligation, for purposes in the public interest or to establish, exercise, or defend legal claims;
- pursuant to Art. 18 GDPR to request a restriction of the processing of your personal data if the accuracy of the personal data is contested by you, the processing is unlawful but you oppose erasure of the data and we no longer need the data, but you need it to establish, exercise, or defend legal claims or you have objected to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR to receive your personal data you provided to us in a structured, commonly used, and machine-readable format or to request the transmission of this data to another controller;
- pursuant to Art. 7 para. 3 GDPR to revoke the consent you granted at any time. This will cause us to be unable to continue with the processing of your data that was based on this consent in the future; and
- pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority. Generally, you may contact the supervisory authority of your habitual residence or place of work or the registered offices of our company.
9. Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 clause 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR if reasons exist for doing so that are based on your special situation or if the objection relates to direct marketing. In the latter case, you have a general right to object, with which we will comply without you having to provide information about a special situation.
If you would like to make use of your right to withdraw or object, just send an email to firstname.lastname@example.org.
10. Data Security
During your visit to our website, we use the commonly used SSL (Secure Socket Layer) method in conjunction with the respectively highest level of encryption that your browser supports. Generally, this is a 256-bit encryption. If your browser does not support a 256-bit encryption, we draw on the 128-bit v3 technology instead. Whether a single page of our Internet presence is transmitted in an encrypted manner can be learned from the closed representation of the key or lock symbol, respectively, that is displayed in your browser’s bottom status bar.
In all other regards, we use suitable technical and organisational security measures to protect your data against accidental or intentional manipulations, partial or complete loss, destruction, or the unauthorised access of third parties. We continuously improve our security measures in accordance with the technological development.
12. Terms of participation (free tickets for the Happinez Festival):
*The winners will be selected by random draw and notified by message by 06-05-2019. A person enters the competition by sending an email to email@example.com by 30 April 2019 or by commenting on the relevant post on Facebook with the keyword “Happinez Festival”. Only one entry per person allowed. Employees of Maharishi Ayurveda Europe B.V. and their families are not eligible to participate. Prizes may be transferred to third parties but may not be exchanged for cash. This competition is not connected to Facebook and is in no way sponsored, supported or organised by Facebook. The organiser is the sole contact person and responsible for the competition. The organiser’s decision is final. The personal data collected are only used for the purpose of notifying the winner.