Thank you for your interest in our website. We highly value the privacy of your personal data as you visit and use our site.
- The protection of your privacy is very important to us
- We handle your data responsibly and for specific purposes only
- We are aware of the meaning of the data you entrust to us
- We do not share your data with third parties without your permission
1. Data security at a glance
The following gives an overview of what happens to your personal data when you visit our website. Personal data is information that can be used to learn your identity, including: your name, address, postal address, email address and telephone number. Excluded is information that cannot be connected to your identity, such as the number of users of an internet site. You can use our online offerings without disclosing your identity.
Data collection on our website
Who is responsible for collecting data on this website?
Data on this website is processed by BIOFA Naturprodukte W. Hahn GmbH, Markus Hahn in Bad Boll.
How do we collect your data?
Your data is collected in that you share it with us. This includes data that you enter into the contact formula, for instance.
Other data are automatically recorded during a visit to the website through our IT-System. When you visit our website or use our services, the device with which you open our site automatically transmits log data (connection details) to our servers. Log data include the IP address of the device and the type of browser with which you access our website, the site you visited previously, your system configurations and the date and other time specifications. The IP addresses are only saved to the extent needed to provide our services; otherwise, they are deleted or anonymized. We save your IP address for a maximum of 7 days in order to detect and protect against attacks.
When you request information, order e-books or make other inquiries, we ask for your name and other personal information. It is your choice whether to enter this information. We store your information on specially protected servers in Switzerland. Following an appropriate examination, the EU Commission has certified Switzerland a level of data protection comparable to EU law. Data transmission from the EU to Switzerland is permitted under data protection law. It may only be accessed by a few authorized persons. They are responsible for the technical, commercial or editorial support of the content and servers.
Insofar as the usage or traffic data are required for our services, they will be stored for a maximum of six months after collection of the data. If the data is required to fulfill existing statutory or contractual retention periods (such as invoices), that information will also be stored. However, these data are locked and accessible to few, authorized persons via passwords.
What do we use your data for?
Part of the data is collected to ensure a flawless provision of the website. Other data can be used to analyze your user behavior.
What rights do you have regarding your data?
At any time, you have the right to obtain free information about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions about data protection, you can contact us at any time at the address given in the imprint. Furthermore, you have a right of appeal to the competent supervisory authority.
Analysis tools and third-party tools
2. General information and mandatory information
Please note that data transmission over the Internet (for example, when communicating by e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.
Note to the responsible body
The responsible body for the data processing on this website is:
BIOFA Naturprodukte W. Hahn GmbH
73087 Bad Boll
Telefon +49 (0) 7164-9405 0
Fax +49 (0) 7164-9405 96
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and direct mail (Article 21 GDPR)
If your personal data is processed to operate direct mail, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail. If you object, your personal data will then no longer be used for the purpose of direct advertising (objection under Art. 21 (2) GDPR).
Right of appeal to the competent supervisory authority
In the case of violations of the GDPR, the persons concerned have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal is without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract, in itself or to a third party in a standard, machine-readable format. If you require the direct transfer of the data to a different liable person, this will only be done to the extent technologically feasible.
This site uses SSL encryption for security purposes and to protect the transmission of sensitive content, such as orders or requests that you send to us as a site operator. An encrypted connection is indicated by the browser's address bar changing from "http: //" to "https: //" and the lock icon in your browser bar.
If SSL encryption is enabled, the data you submit to us cannot be read by third parties.
Encrypted payments on this website
If, after the conclusion of a fee-based contract, there is an obligation to provide us with your payment details (such as your account number for direct debit authorization), this data will be required for payment processing.
Payment transactions via the common means of payment (Visa / MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection. An encrypted connection is indicated by the browser's address bar changing from "http: //" to "https: //" and the lock icon in your browser bar.
In the case of encrypted communication, your payment details that you send to us cannot be read by third parties.
Information, blocking, deletion
Within the scope of the applicable legal provisions, you have the right at any time to provide free information about your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to correct, block or delete this data. For further information on personal data, please contact us at any time at the address given in the imprint.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. To this aim, you can contact us at any time at the address given in the imprint. The right to restrict processing exists in the following cases:
- 1. If you deny the accuracy of your personal information stored with us, we usually need time to verify this. For the duration of the audit you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data is unlawful, you may request the restriction of data processing instead of deletion.
- 3. If we no longer need your personal information, but you need it to exercise, defend or assert a claim, you have the right to demand that your personal information be restricted instead of being deleted.
- If you have filed an objection pursuant to Art. 21 (1) GDPR, a balance must be made between your interests and ours. As long as it is not clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important public interest the European Union or a Member State.
3. Data collection on our website
The internet pages partly use so-called cookies. Cookies do not harm your computer and do not contain viruses. Cookies are used to make our offer more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, or disable cookies generally or for certain cases, or automatically delete them when you close the browser. Disabling cookies may limit the functionality of this website.
These are cookies that are used by the Worldsoft CMS, with which this website is created, depending on the modules used:
Usercookie | 365 days | Registered User
session_name | 15 min. | Session
wslanguage | 15 min. | Chosen Language
install_language* | 15 min. | Language of the CMS installation
ws_delayedPopup_* | 1825 days | Show popup only once
wspollsvoterid | 30 days | Survey / only one answer possible
reseller_nr | 90 days | Determination of the reseller
wsshopbasketid | 30 days |Shop module – Shopping cart
wsvote_* | 15 min. | Voting module first supplier
Server Log Files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
- Browser type and browser version
- used operating system
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data will not be merged with other data sources.
The basis for data processing is Art. 6 (1) lit. f of the GDPR, which allows the processing of data to fulfill a contract or pre-contractual measures.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.
The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). You can revoke this consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The information you provide in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or delete the purpose for data storage (for example, after your request has been processed). Mandatory statutory provisions - especially retention periods - remain unaffected.
Registration on this website
You can register on our website to use additional features on the site. We only use the data entered for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be given in full. Otherwise we will reject the registration.
We use the e-mail address specified during the registration in order to inform you of important changes, for example, in the scope of the offer or in case of technically necessary changes.
The processing of the data entered during registration takes place on the basis of your consent (Art. 6 (1) lit. GDPR). You can revoke your consent at any time. An informal message by e-mail to us is sufficient. The legality of the already completed data processing remains unaffected by the revocation.
The data collected during registration will be stored by us as long as you are registered on our website and will subsequently be deleted. Legal retention periods remain unaffected.
Processing data (customer and contract data)
We collect, process and use personal data only insofar as they are necessary for the establishment, content or modification of the legal relationship (stock data). This is done on the basis of Art. 6 (1) lit. b of the GDPR, which allows the processing of data for the performance of a contract or precontractual measures. We only collect, process and use personal data on the use of our Internet pages (user data) insofar as this is necessary in order to enable or charge the user for the use of the service.
The collected customer data will be deleted after completion of the order or termination of the business relationship. Legal retention periods remain unaffected.
Data transmission at the conclusion of the contract for online shops, dealers and goods dispatch
We only transfer personal data to third parties if this is necessary in the course of the contract, for example to the companies entrusted with the delivery of the goods or to the bank responsible for processing the payment. A further transmission of the data does not take place or only if you have expressly consented to the transmission. A transfer of your data to third parties without explicit consent, such as for advertising purposes, does not occur.
The basis for data processing is Art. 6 (1) lit. b of the GDPR, which allows the processing of data for the performance of a contract or precontractual measures.
Data transfer at the conclusion of the contract for services and digital content
We only transfer personal data to third parties if this is necessary in the course of the contract, for example to the bank responsible for the processing of payments.
Contract or precontractual measures permitted.
A further transmission of the data does not take place or only if you have expressly consented to the transmission. A transfer of your data to third parties without explicit consent, such as for advertising purposes, does not occur.
The basis for data processing is Art. 6 (1) lit. b of the GDPR, which allows the processing of data for the performance of a contract or precontractual measures.
CRM (Worldsoft Business Suite)
This website uses the Worldsoft Business Suite (WBS). Provider is Worldsoft AG, Churerstrasse 158, 8808 Pfäffikon, Switzerland.
The Worldsoft Business Suite (WBS) is a CRM (Customer Relationship Management), with which data can be organized and analyzed.
If you submit your personal data via a web form, this data will be stored on the servers of Worldsoft AG in Switzerland. Following an appropriate examination, the EU Commission has certified Switzerland a level of data protection comparable to EU law. Data transmission from the EU to Switzerland is permitted under data protection law.
The purpose of the use results from the context in the transmission of your data. Your data will be used for the purpose for which it was originally collected.
The data processing takes place on the basis of your consent (Art. 6 (1) lit. GDPR). You can revoke this consent at any time. The legality of the already completed data processing operations remains unaffected by the revocation.
Data analysis by the WBS
The WBS enables us to subdivide prospective customers and customers according to various categories (so-called tagging). In this case, the address entries can be e.g. by gender, personal preference (e.g., vegetarian or non-vegetarian) or customer relationship (e.g., customer or potential customer).
4. Social media
Social Media Plugins with Shariff
Our pages use social media plugins (e.g., Facebook, Twitter, Google+, XING, LinkedIn).
The plugins can usually be identified by the respective social media logos. To ensure privacy on our website, we use the Shariff module on our website. A Shariff button does not establish direct contact between a social network and you until you actively click on the Share button. This application prevents users from leaving a digital track on every page visited and improves privacy.
You can like, + 1 or tweet with the Shariff module - the respective social network does not receive more information.
5. Plug-Ins and tools
This site uses the mapping service Google Maps via an API. Provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to save your IP address. This information is usually transmitted to and stored by Google on servers in the United States. As a provider of this page, we have no influence on this data transfer.
The use of Google Maps is for the sake of an appealing presentation of our online offers and an easy findability of the places we specify on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f of the GDPR.
This website uses the service Wistia for the presentation of online videos. This service is offered by Wistia Inc., 17 Tudor Street, Cambridge, USA. Wistia uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is transmitted to servers in the United States.
You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all the functions of this website in full.
For more information about the processing and storage of data by Wistia, Inc., visit: http://wistia.com/privacy.
6. Payment provider
This website offers payment via PayPal. Provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal").
If you choose to pay via PayPal, the payment details you enter will be sent to PayPal.
The transmission of your data to PayPal is based on Art. 6 (1) lit. a of the GDPR (consent) and Art. 6 (1) lit. b of the GDPR (processing to fulfill a contract). You have the opportunity to revoke your consent to data processing at any time. A revocation does not affect the effectiveness of historical data processing operations.
7. Protection of minors
Children and persons under the age of 18 should not submit any personal information to us without the consent of their parents or guardians.
8. Links to other websites
Our online offer contains links to other websites. We have no control over their operators' compliance with data protection regulations.
9. Prohibition of advertising mails
The use of contact data published in the context of the imprint obligation for the sending of unsolicited advertising and information materials is hereby prohibited. We, the site operators, expressly reserve the right to take legal action in the event of unsolicited promotional information, such as spam e-mails.