Home
Data Privacy

Privacy Policy

Data Protection Declaration

Unless otherwise specified below, providing your personal data is neither legally nor contractually obligatory, nor required to conclude a contract. You are not obligated to provide your data. Not providing it will have no consequences, unless processing procedures described below state otherwise.

“Personal data” is any information relating to an identified or identifiable natural person.

Server Log Files

You can use our website without submitting personal data.

Every time our website is accessed, user data is transferred to us or our web hosts/IT service providers by your internet browser and stored in server log files. This stored data can include: name of the site called up, date and time of the request, IP address, amount of data transferred, and the provider making the request. The processing is carried out on the basis of Art. 6(1)(f) of the GDPR due to our legitimate interests in ensuring the smooth operation of our website as well as improving our services.

Contact

Responsible Person

Sunday Natural Products GmbH
Potsdamer Straße 83
10785 Berlin
Germany
Email: service@sunday.de
Telefax: +49 (0)30 2574 2918

Our data protection manager is:

HB E-Commerce Rechtsanwaltsgesellschaft mbH
Arcus Park Haus B
Torgauer Straße 233
04347 Leipzig
Email: datenschutz@sunday.de

Proactive Contact of the Customer by Email

If you contact us via email, we will only collect your personal data (name, email address, message content) to the extent provided by you. The purpose of processing this data is to manage and respond to your contact request.

If the initial contact serves to implement pre-contractual measures (e.g. consultation in the case of purchase interest, order creation) or concerns an agreement already concluded between you and us, data processing takes place on the basis of Art. 6(1)(b) of the GDPR.

If the initial contact occurs for any other reason, data processing takes place on the basis of Art. 6(1)(f) of the GDPR. This is done for the purpose of our overriding, legitimate interest in handling and responding to your request. In such a case, on grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data carried out on the basis of Art. 6(1)(f) of the GDPR.

We will only use your email address for processing your request. Your data will subsequently be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and Processing When Using the Contact Form

When you use the contact form, we will only collect your personal data (name, email address, message content) to the extent provided by you. The purpose of processing this data is to make contact.

If the initial contact occurs for any other reason, data processing takes place on the basis of Art. 6(1)(f) of the GDPR for the purposes of our overriding, legitimate interest in handling and responding to your request. In such a case, on grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data carried out on the basis of Art. 6(1)(f) of the GDPR.

We will only use your email address for processing your request. Your data will subsequently be deleted, unless you have consented to further processing and use.

Customer Account Orders

Customer Account

When you create a customer account, we collect your personal data within the scope specified. Processing this data is for the purpose of improving your shopping experience and simplifying order processing and will be carried out in accordance with Art. 6(1)(a) of the GDPR, with your consent. You can withdraw your consent at any time without affecting the legality of the processing that occurred with your consent prior to the withdrawal. If you withdraw your consent, your customer account will be deleted.

Collection, Processing, and Transfer of Personal Data in Orders

When you submit an order, we only collect and use your personal data insofar as this is necessary to fulfill and handle the order as well as address any queries. Providing personal data is necessary to conclude a contract. Data processing occurs on the basis of Art. 6(1)(b) of the GDPR. Failure to provide the necessary personal data will prevent the conclusion of any contract.

Your data is then transferred to the e.g. shipping carriers and drop shipping providers, payment service providers, service providers for handling the order, and IT service providers that you have selected. We comply strictly with legal requirements in all cases. The scope of data transmission is kept to a minimum.

Transmission to Yoshi en GmbH

If you sign up for a customer account with our sister company Yoshi en GmbH (yoshien.com), you have the option to use your customer account information from Sunday (such as your email address, name, address book, and newsletter preferences) for registration and/or ordering purposes on yoshien.com. To make the registration and ordering process smoother on yoshien.com, we might send a hashed version of your email address to Yoshi en GmbH. This hashed value is solely used for the purpose mentioned above. Your personal data will not be shared without your consent. We process this information based on Art. 6(1)(f) of the DSGVO, as it aligns with our legitimate interest in facilitating an easier registration and ordering experience on the yoshien.com website.

Advertising

Use of eKomi

For the purpose of gathering customer evaluations of our products and of Sunday Natural as a provider, as well as for our own quality management purposes, we utilise the services of eKomi Ltd. (Zimmerstraße 11, 10969 Berlin, "eKomi").

We send feedback requests via email. If you give your express consent, you will subsequently receive an email from eKomi with the evaluation request. For this purpose, personal data, including your name, email address, and order details, will be shared with eKomi in accordance with a contractual agreement for order processing.

We process your data with your consent based on Art. 6(1)(a) of the DSGVO. You can withdraw your consent at any time by clicking the unsubscribe link provided in eKomi’s email or by contacting us. Your email address will then be removed from the distribution list. Withdrawing your consent does not affect the legality of the processing conducted with your consent prior to its withdrawal.

Further information on data protection at eKomi can be found at https://www.ekomi.co.uk/uk/privacy/.

Use of Bloomreach/Expose

We use the service of Bloomreach Inc. (BloomReach, Inc. 82 Pioneer Way, Mountain View, CA 94041, “Bloomreach”) for newsletter dispatch as part of an order processing.

We pass on the information you provide during the newsletter registration (e-mail address, first and last name, if applicable) to Bloomreach. The data processing serves the purpose of sending the newsletter and its statistical evaluation.

In order to evaluate newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked any integrated links. Within this context, we collect your personal data such as IP address, browser type and device as well as the time. A usage profile can be generated from this data under a pseudonym. The data collected will not be used to identify you personally. The collected data is only used for statistical analysis to improve newsletter campaigns.

The data processing serves the purpose of sending the newsletter and its statistical evaluation. For the USA, no adequacy decision from the EU Commission is available. The data transfer will be based, among other things, on standard contractual clauses as appropriate guarantees for the protection of personal data, available at: Standard Contractual Clauses (SCC).

The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you.

You can find more information and Bloomreach's privacy policy at: Bloomreach, Bloomreach Services Privacy Notice | Bloomreach and Bloomreach CCPA Privacy Policy Addendum | Bloomreach.

Use of Your Personal Data for Sending Advertising Mail

We use the personal data (name, address) that we receive in the process of the sale of goods or services to send you advertising mail, unless you have objected to this use. Providing personal data is necessary to conclude a contract, and failure to provide the necessary personal data will prevent the conclusion of any contract.

We process your data on the basis of Art. 6(1)(f) of the GDPR for the purpose of our legitimate interest in direct advertising. You can object to this use of your address information at any time by contacting us. You will find the necessary contact details in our imprint.

Use of Your Email Address for Sending Newsletters

Outside of contractual processing, we only use your email address if you have given us your explicit consent to send you a newsletter for our own marketing purposes. Your data will then be processed according to Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without affecting the legality of the processing that occurred with your consent prior to the withdrawal. You can unsubscribe from the newsletter at any time using the link provided in the newsletter or by contacting us. This does not incur any costs other than transmission costs in accordance with the basic rates. We will then remove your email address from our mailing list.

Your data will be forwarded to a service provider for email marketing in the course of order processing. It will not be shared with any other third parties.

Use of Your Email Address for Direct Marketing

We may use your email address, which we obtained in the course of selling a good or service, for the purpose of electronically marketing our goods or services to you which are similar to those you have already purchased from us, unless you have objected to this use. This direct advertising is allowed under the conditions of section 7(3) of the UWG. Providing your email address is necessary to conclude a contract. Failure to provide it will prevent the conclusion of any contract. Processing will be carried out on the basis of Art. 6(1)(f) of the GDPR for the purpose of our legitimate interest in direct marketing. You can object to this use of your email address at any time by contacting us. You will find the necessary contact details in our imprint. You can also use the link provided in the marketing email. This does not incur any costs other than transmission costs in accordance with the basic rates.

Shipping Carriers

Forwarding of Your Email Address to Shipping Carriers

Provided you have given us your explicit consent in the order process, we forward your email address to the shipping carrier in the course of contractual processing. This is done to keep you informed via email about the shipping status of your order. The data is processed according to Art. 6(1)(a) of the GDPR. You can withdraw your consent at any time by contacting us or the shipping carrier without affecting the legality of the processing that occurred with your consent prior to the withdrawal.

Payment Service Providers Credit Check

Use of PayPal Express

Our website uses the PayPal Express payment service by PayPal (Europe) S.à.r.l. et Cie, S.C.A. (22-24 Boulevard Royal, L-2449 Luxembourg; "PayPal").

To integrate this payment service, PayPal collects, stores, and analyses data from your device when you access the website (e.g. IP address, device type, operating system, browser type, device location). Cookies may be used for this purpose, which allow your internet browser to be recognised.

The processing of your personal data is carried out in accordance with Art. 6(1)(f) of the GDPR for the purpose of our overriding, legitimate interest in offering our customers a variety of different payment methods. On grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data carried out on the basis of Art. 6(1)(f) of the GDPR.

The data needed to process your payment will be submitted to PayPal upon selecting and using the PayPal Express payment method, in order to fulfill the agreement with you using the chosen payment method. The data is processed according to Art. 6(1)(b) of the GDPR.

Further information on data processing when using the Paypal Express payment service can be found here in the associated privacy policy.

Payment Options from Klarna

In order to provide Klarna's payment services to you, we provide Klarna with personal data such as your contact details and order information. This allows Klarna to determine whether you can make use of their payment options as well as to tailor them to your needs. General information about Klarna can be found here. Klarna will process your personal data in accordance with the applicable data protection regulations and in accordance with the information in Klarna's Privacy Policy.

Cookies

Our website uses cookies, which are small text files saved by a user's internet browser either in the browser itself or in the user’s computer system. When a user visits a website, the browser may save a cookie containing a unique character string that allows the browser to be identified when the website is visited again.

Since cookies are stored on your computer, you have full control over their use. You can set your internet browser to notify you before a cookie is set, allowing you to choose whether to accept or reject it. You can also delete existing cookies at any time. Note, however, that rejecting or deleting cookies may prevent you from using all the features of this website.
Learn how to manage cookies in popular browsers using the links below:

Chrome Browser: https://support.google.com/accounts/answer/61416?hl=en
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically Necessary Cookies

Some cookies enable our systems to recognize your browser after page changes, which allows us to offer enhanced services. We use these and other technically necessary cookies to make our website more user-friendly, effective, and secure. Certain functions of our website cannot be provided without the use of cookies, as they require your browser to be recognized after a page change.

The use of cookies or similar technologies is carried out on the basis of Art. 25(2) of the TTDSG. Your personal data is processed according to Art. 6(1)(f) of the GDPR for the purpose of our largely justified interest in ensuring the optimal functionality of our website as well as a user-friendly and effective design for our range of services. On grounds relating to your particular situation, you have the right to object at any time to the processing of your personal data carried out on the basis of Art. 6(1)(f) of the GDPR.

Use of Consentmanager

Our website uses Consentmanager, consent management tool by Consentmanager AB (Håltegelvägen 1b, 72348 Västerås, Sweden; "Consentmanager").

This tool enables you to grant consents for data processing via the website, in particular the use of cookies, and to exercise your right of revocation for consents already given.

In this case, the processing of data serves the purpose of obtaining the necessary consents for data processing and to document these, thereby complying with statutory obligations.
Cookies may be used for this purpose. Information collected and transmitted to Consentmanager in the course of this process may include: date and time of page retrieval, information about the browser and device in use, anonymised IP address, and opt-in/opt-out data. This data will not be shared with any other third parties.

The data processing is carried out on the basis of Art. 6(1)(c) of the GDPR in compliance with legal requirements.

More information on data protection at Consentmanager is available at: https://www.consentmanager.net/privacy.php.

Analysis Advertising Tracking Communication

Use of Google Analytics

Our website uses the Google Analytics web analysis service by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”).

Data processing is performed here for the purposes of marketing and advertising and serves to analyse our website and its visitors.

Google will use this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide other services relating to website and internet use. Information collected may include: IP address, date and time of access, click path, information about the browser and device used, visited pages, referrer URL (the website from which you accessed our website), location data, and purchase activities. The IP address transmitted from your browser within the scope of Google Analytics is not associated with any other data held by Google.

Google Analytics uses technologies like cookies, web storage in the browser, and tracking pixels to analyze your use of the website. The information generated by these technologies is usually sent to a Google server in the USA and stored there. Google has incorporated standard contractual clauses as safeguards for the protection of personal data, available at: https://policies.google.com/privacy/frameworks and https://business.safety.google/adsprocessorterms/. Both Google and US government authorities can access your data. Google may combine your data with other data, such as your search history, personal accounts, usage data from other devices, and any other information Google has about you.

IP anonymisation is enabled on this website. Google uses this to shorten your IP address beforehand within Member States of the European Union or other signatories to the European Economic Area Agreement. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.

We only use cookies or similar technologies with your consent, as required by Section 25(1) sentence 1 of the TTDSG in conjunction with Article 6(1)(a) of the GDPR. Your personal data is also only processed with your consent, as per Article 6(1)(a) of the GDPR. You can withdraw your consent at any time without affecting the legality of the processing that occurred with your consent prior to the withdrawal.

You can find more detailed information on the terms and conditions of use and data protection at https://www.google.com/analytics/terms/de.html and/or at https://www.google.de/intl/de/policies/ and https://policies.google.com/technologies/cookies?hl=de.

Klar Attribution

We use the services of Klar (Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany) on our website. Klar, collects, processes and stores data on this website and its subpages for reach measurement, statistical analysis. This collection takes place on the following legal basis:

If there is no consent from the user, the data is collected anonymously, i.e. without collecting personal or personally identifiable data, and in groups, i.e. by randomly assigning the collected data to groups of users. It is therefore not possible to draw conclusions about individual users. This anonymous collection is mandatory according to § 25 para. 2 no. 2 TTDSG in order to optimize business costs and thus ensure the desired service.

If the user has given his consent in accordance with Article 6 (1) sentence 1 a GDPR and Section 25 (1) sentence 1 TTDSG, the data to be processed will be collected on a user-specific basis.

For the aforementioned different types of collection, different cookies are used to ensure the respective type of collection.

Objection

To object to the use of Klar in principle, please use this Link. This will set a cookie with the name "do_not_track" from the domain "https://sunday.de ". Please do not delete it, otherwise we cannot guarantee that you will not be tracked by Klar. Information on data protection and data use can be found on the following website of Klar: https://www.getklar.com/data-protection.

Use of Hotjar

Our website uses an analysis tool by Hotjar Ldt. (Level 2, St Julian's Business Centre, 3, Elia Zammit Street, St Julians STJ1000, Malta; "Hotjar").

Data processing is performed here for the purpose of designing and optimising our website for your needs.

Hotjar collects visitors' movements on our website by randomly recording data such as mouse movements, scrolling behavior, dwell time and clicks (also known as a heat map).

Cookies are among the technologies that Hotjar uses to collect this data. Information collected through the use of cookies may include: anonymised IP address, information about the device used (screen size, device type, unique identifier), information about the browser used, location data (country only), preferred language for displaying the website, and operating system used. Detailed information about the cookies used, their functions, and storage periods can be found here: https://help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies.

This data is used to create user profiles under a pseudonym. The data is not used to personally identify the visitor of the website and is not merged with personal data of the bearer of the pseudonym. Hotjar is contractually prohibited from selling the collected data to other third parties.

For more information about data protection with Hotjar, please refer to: https://www.hotjar.com/legal/policies/privacy/#enduserenglish.

Use of Facebook Pixel

Our website uses the Custom Audiences remarketing feature by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; "Facebook").

By implementing Facebook’s remarketing tag on our website, visitors to our website will be targeted with personalised advertising on the social network Facebook. This tag sets up a direct connection to Facebook’s servers when you visit our website, informing the Facebook server which of our web pages you visit. Facebook then assigns this information to your personal Facebook user account in order to show you personalised advertisements when you visit Facebook.

Meta Platforms Ireland and we are jointly responsible for the collection of your data and the transfer of this data to Facebook for this purpose. The basis for this is an agreement between us and Meta Platforms Ireland on the joint processing of personal data, in which the respective responsibilities are defined. The agreement can be found at https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for fulfilling the information requirements specified in Art. 13 and 14 of the GDPR, for implementing and configuring the service in accordance with the security requirements of Art. 32 GDPR, and for complying with the obligations of Art. 33 and 34 GDPR, insofar as a breach of personal data protection concerns our obligations under the joint data processing agreement. Meta Platforms Ireland is responsible for handling requests from data subjects exercising their rights under Art. 15–20 of the GDPR, for complying with the security requirements outlined in Art. 32 of the GDPR, as well as meeting the obligations specified in Art. 33 and 34 of the GDPR, insofar as a breach of personal data protection concerns Meta Platforms Ireland's obligations under the joint data processing agreement.

Your data may be transferred to the United States. The European Commission has not issued an adequacy decision regarding data transfers to the U.S. As such, data is transferred under standard contractual clauses that safeguard personal data. For more information, see: https://www.facebook.com/legal/EU_data_transfer_addendum.

You can find more detailed information on Facebook’s collection and use of data, and your associated rights and options for protecting your privacy, in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Use of Google Ads Conversion Tracking

Our website uses the Google Ads online marketing program, including conversion tracking. Google conversion tracking is a service operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").

If you click on adverts placed by Google, a cookie is placed on your computer for conversion tracking (the evaluation of user actions). These cookies contain no personal data and expire quickly, preventing any personal identification. They only serve to identify when a user is accessing certain pages on our website via a Google ad and allow both we and Google to recognise such referrals. Each Google Ads customer receives a unique cookie.

The information collected using the conversion cookie allows us to record the total number of users who have clicked on our adverts and were forwarded to a page equipped with a conversion tracking tag. In this way we can produce conversion statistics while keeping user data anonymous.

You can find more information as well as Google’s data privacy policy at: https://www.google.com/policies/privacy/.

Use of the Remarketing and Similar Audiences Function by Google

Our website uses remarketing and similar audiences by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").

This application serves to analyse visitor behaviour as well as visitor interests.

Google uses cookies to analyse website use and show personalised ads. The cookies record website visits and anonymous usage data without storing any personal information. If you then visit another website in Google's ad network, you may be shown ads based on your past activity.

You can find more detailed information on Google remarketing as well as the associated privacy policy at: https://www.google.com/privacy/ads/.

Use of the "Zendesk Chat" Live Chat System

Our website uses Zendesk Chat by Zendesk Inc. (1019 Market Street, 6th Floor, San Francisco, California 94103, USA; "Zendesk").

The system serves to facilitate communication between you and us in our role as a service provider. Cookies are used to recognize your internet browser and generate a pseudonymous usage profile.

Your data may be transferred to third countries. If Zendesk transmits the data to third countries not covered by an adequacy decision, such as the U.S., the transfer will occur on the basis of binding internal data protection provisions pursuant to Art. 47 of the GDPR. These provisions can be found at https://d1eipm3vz40hy0.cloudfront.net/pdf/ZENDESK - BCR Processor Policy.pdf and https://d1eipm3vz40hy0.cloudfront.net/pdf/ZENDESK-BCR-Controller-Policy.pdf.

You can find more detailed information on Zendesk’s collection and use of data and your associated rights and options for protecting your privacy in Zendesk’s privacy policy at: https://www.zendesk.com/company/customers-partners/privacy-policy/.

Use of the Tradedoubler Affiliate Programme

Our website uses the Tradedoubler affiliate programme by Tradedoubler GmbH (Mainzer Str. 13, 80804 Munich; "Tradedoubler").

When you click on our affiliate advertisements, Tradedoubler places a conversion tracking cookie on your computer. The cookie tracks the ads’ success by recognising resulting orders and attributing them to the appropriate advertiser. This also ensures correct billing within the affiliate programme.

Tradedoubler also uses fingerprinting, which enables recognition of your device and can track that you viewed or clicked a partner link. The information recorded by Tradedoubler includes order details (such as value, contents, sales channel, and voucher use) and user ID. User IDs are numeric sequences that anonymise user identities while tracking user actions and the end device.

Your data may be transferred to third countries such as the United States. The European Commission has not issued an adequacy decision regarding data transfers to the U.S. As such, data is transferred under standard contractual clauses that safeguard personal data. For more information, see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

We only use cookies or similar technologies with your consent, as required by Section 25(1) sentence 1 of the TTDSG in conjunction with Article 6(1)(a) of the GDPR. Your personal data is also only processed with your consent, as per Article 6(1)(a) of the GDPR. You can revoke your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation.

Detailed information about the use of data in Tradedoubler’s privacy policy is available at: https://www.tradedoubler.com/de/privacy-policy/ and https://www.tradedoubler.com/de/gdpr-compliance/.

Plugins

Use of the Google Tag Manager

Our website uses Google Tag Manager by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").

This application manages JavaScript and HTML tags, which are used to implement tracking and analysis tools. Data processing is performed here to optimise the functionality of our website and its design.

Google Tag Manager does not store cookies or process personal data. However, it does enable the triggering of further tags that may collect and process personal data. For more detailed information on its terms and conditions of use and data protection, see: https://www.google.com/intl/de/tagmanager/use-policy.html.

Use of Social Plugins

Our website uses social network plugins. The integration of these plugins, and the associated data processing, serves the purpose of optimising the advertising for our products.

To integrate social plugins, your computer must establish a connection with the servers of the social network service provider. The provider then instructs your web browser to display the plugin on the web page, provided that you have given express consent. During this process, both your IP address and information on the web pages you have visited are transmitted to the provider's servers. This occurs regardless of whether you are registered with or logged in to the social network. If you are logged in to one or more social network accounts, the collected information may also be assigned to your user profile(s). When using the plugin functions (such as by pressing the appropriate button), this information will also be assigned to your user account. To prevent this assignment, log out of your social media accounts before visiting our website and before using the plugin functions.

Our website integrates the following social networks through social plugins. For more detailed information on the scope and purpose of data collection and use, as well as your associated rights and options for protecting your privacy, please refer to the corresponding provider's privacy policy provided below.

Facebook by Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland).

For more information about data protection, see: https://www.facebook.com/about/privacy/.

Instagram by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland):https://help.instagram.com/155833707900388

For more information, see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

Use of Facebook Connect

Our website uses the Facebook Connect single sign-on function by Meta Platforms Ireland Ltd. (Grand Canal Harbour, Dublin, D02, Ireland; "Facebook").

This function allows website visitors to log in to the website using their existing Facebook account. Data processing is for the purposes of verification during registration, personalisation, and personalised advertising. To offer this function on our website, a connection to the Facebook servers is established through the use of cookies. During this process, the following information may be collected and transmitted to Facebook: IP address, browser information, referrer URL (the website through which you accessed our website), and location data. This occurs regardless of whether you are registered with or logged in to the social network. If you are logged in to one or more social network accounts simultaneously, the collected information may also be assigned to your corresponding profiles. To prevent this assignment, log out of your social media accounts before visiting our website and before using the single sign-on function.

When you use the single sign-on function, your Facebook profile is connected with a customer account for the website. In this case, we receive your personal data through Facebook, as stated in the login process. This data may include, but is not limited to, the following information: name, address, email address, friends list, "Likes" information, and public profile information (e.g., name, profile picture, age, gender).

You can find more detailed information on the terms and conditions of use and data protection at https://www.facebook.com/about/privacy/.

Use of YouTube

Our website uses a function provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “YouTube”) for embedding YouTube videos. YouTube is affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

This feature displays YouTube videos in an iFrame on the website. The "advanced privacy mode" option is enabled, which prevents YouTube from storing information about visitors to the website. Information is only transmitted to and stored by YouTube when a video is watched.

You can find further information on the collection and use of data by YouTube and Google, as well as your associated rights and options for protecting your privacy, in YouTube’s privacy policy: https://www.youtube.com/t/privacy.

Use of Vimeo

Our website integrates videos from the Vimeo portal using plugins by Vimeo Inc. (555 West 18th Street, New York, New York 10011, USA; “Vimeo”).

A message in your browser will indicate when you access pages on our website that contain Vimeo plugins and have established a connection with the Vimeo server. Information such as your IP address and the websites you have visited will be transmitted to the Vimeo server. If you are logged into your Vimeo account, this information will be associated with it. When you use the plugin's functions (such as starting a video by pressing the appropriate button), this information will also be associated to your Vimeo account.

The European Commission has not issued an adequacy decision regarding data transfers to the U.S. As such, data is transferred under standard contractual clauses that safeguard personal data. For more information, see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_de.

You can find further information about the purpose and scope of enquiry, Vimeo’s continued use and processing of data, and your associated rights and options for protecting your privacy in Vimeo’s privacy policy: https://vimeo.com/privacy.

Use of Google Fonts

Our website uses Google Fonts by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").

Data processing serves here to ensure the consistent display of fonts on our website. In order to load the fonts, a connection to Google servers is established when the page is accessed. Among other data, your IP address and information about the browser you are using will be processed and transmitted to Google. However, this data is not linked to your Google account.

You can find more detailed information on the data processing and data protection at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq.

Use of AWS

Our website uses the AWS service by Amazon Web Services EMEA SARL (38 John F. Kennedy Avenue, L-1855, Luxembourg; "AWS").

This is a supra-regional network of servers located in various data centers. We use the provider's server infrastructure to expand our database and application servers.

Data processing serves the purpose of making our website available and of maintaining its functionality. Information collected may include: IP address, system configuration information, and information about traffic to and from customer websites (server log files).

Processing is carried out on the basis of Art. 6(1)(f) of the GDPR for the purposes of our legitimate interest in providing a needs-based and targeted design of our website. On grounds relating to your particular situation, you have the right to object at any time to this processing of your personal data and carried out on the basis of Art. 6(1)(f) of the GDPR.

For more information about data protection when using AWS, please visit https://docs.aws.amazon.com/de_de/AmazonCloudFront/latest/DeveloperGuide/data-protection-summary.html and https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.

Use of Google Optimize

Our website uses Google Optimize by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google").

Data processing is used for A/B testing to track the effects of various changes made to a website, such as changes to input fields and design. Cookies are placed on your end device for these testing purposes. Only pseudonymous user data is processed, which may include your IP address and information about the browser you are using. This data may be transmitted to Google, but it is not linked to your Google account.

You can find more information about data processing and data protection at https://www.google.de/intl/de/policies/ and at https://developers.google.com/fonts/faq.

Use of CND

Our website uses the Motion Media Analytics tracking script by CND (CND Motion Media GmbH, Holzstr. 2, 80469 Munich, Germany) in order to measure the effects of our TV spots through the use of our websites.

The CND tracking script can generally work without cookies. However, with your consent and on our behalf, CND sets a session cookie to register all page requests as well as a cookie with the time of your first visit which is deleted after 28 days.

Within the scope of the survey, users are recorded as a statistical variable. This means that visitor events are recorded solely for statistical purposes. All IP addresses and hashed email addresses collected in the process are therefore anonymised, making it impossible to retrieve any data about individual households or persons. CND does not collect or permanently store any personal data.

If you would like to prevent CND from collecting data during your visit to our website, you can deactivate CND directly with the provider here: https://analytics.cnd-motionmedia.de/web/function/optout.

You can find more information on data processing and data protection at: https://www.cnd-motionmedia.de/media/pdf/datenschutz.pdf.

Rights of Persons Affected and Storage Duration

Duration of Storage

Once contractual processing is complete, data will be stored initially for the duration of the warranty period, then in accordance with retention periods prescribed by law (primarily tax and commercial law). The data will then be deleted, unless you have consented to further processing and use.

Rights of the Affected Person

If the legal requirements are met, you have the following rights according to Art. 15–20 of the GDPR: the right to information, correction, deletion, restriction of processing, and data portability. You also have the right to object to processing on the basis of Art. 6(1) of the GDPR, and the right to object to processing for the purposes of direct marketing on the basis of Art. 21(1) of the GDPR.

Right to Lodge a Complaint

If you believe that your data is not being processed legally, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 of the GDPR.

You can contact the supervisory authority responsible for us here:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Tel.: +49 (0)30 13889-0
Fax: +49 (0)30 2155050
Email: mailbox@datenschutz-berlin.de

Right to Object

If the data processing outlined here is based on our legitimate interests in accordance with Art. 6(1)(f) of the GDPR, you have the right to object at any time to the processing of your data with future effect, on grounds relating to your particular situation.

If the objection is successful, we will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests or rights and freedoms, or if the processing is necessary for the assertion, exercise, or defense of legal claims.

If we process your personal data for direct advertising purposes, you have the right to object at any time by notifying us. If the objection is successful, we will no longer process your personal data for the purposes of direct advertising.

Responsible for personal data:

Sunday Natural Products GmbH
Potsdamer Straße 83
10785 Berlin
Germany

Managing directors: Robert Bosch, Anja Graw, Szymon Zwierzynski, Mathias Trilk, Roman Huber, Raimund Reisinger
AG Berlin-Charlottenburg: HRB 152621 B

Last updated: 08.07.2023