As far as is not stated below, the provision of personal data is neither legally nor contractually mandatory, nor a prerequisite for the conclusion of a contract. The user is not obligated to provide data. A non-provision has no consequences. These conditions are valid only insofar as no other provisions are described below in accordance with processing operations.
"Personal data" refers to all information that is related to an identified or identifiable natural person.
Server Log Files
Users can visit our website without providing personal information. With each visit to our website, user data is transmitted from the user's internet browser and saved in Sunday's protocol data (server log files). Among the saved data are the name of the visited site, date, time of visit, data volume transferred, and the requesting provider. The data serves exclusively to guarantee unobstructed use of our website and to improve our services. The attribution of this data to specific persons is not possible.
When a user opens a customer account, we gather the user's personal data to the extent specified. Data processing serves the purpose of improving the user's shopping experience and simplifying the order transaction. Processing takes place in accordance with Art. 6 (1) of the General Data Protection Regulation (GDPR) and with the user's consent. The user can withdraw their consent at any time by contacting us; the legality of data processing from the point of initial consent and revocation of consent is not affected. The user account account is then deleted.
Collection, Processing, and Use of Personal Data for Orders
Web Hosting Services via a Third Party Provider
A third party provides Sunday with the services of hosting and presenting the website, including processing, on our behalf. This service facilitates our legitimate interest in guaranteeing an accurate representation of our offerings. All data, which is gathered as described below within the framework of using the website, or collected via provided forms in the online shop, is processed on the service provider's servers. Processing on other servers only occurs within the scope described here.
The service provider is based in Germany.
Use of Email and Mailing Address for Direct Advertising
We utilise the user's email and mailing address received in the course of selling goods or services for the electronic and physical mailing of advertising for our own goods or services that are similar to those already acquired by the user, so long as the user has not declined such usage of their data. The provision of an email and mailing address is required for the conclusion of a contract. The non-provision of data carries the consequence that no contract can be concluded. Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of legitimate interest in direct advertising. The user can withdraw their consent to advertising at any time by contacting us via the contact information provided in our imprint. The user can also use the provided link in the advertisement email to unsubscribe. There are no additional costs for this service beyond the necessary transmission costs.
Transferral of Email Addresses to Delivery Services for Shipping Status Information
The transferral serves the purpose of permitting the user to access shipping status. Processing takes place in accordance with Art. 6 (1) of the General Data Protection Regulation (GDPR) and the user's consent. The user can withdraw their consent at any time by contacting us or the delivery service; the legality of data processing from the point of initial consent and revocation of consent is not affected.
Use of PayPal
Processing takes place in accordance with § 15 (3) of the German "Telemedien Gesetz" (TMG, Telemedia Law) as well as Art. 6 (1) of the GDPR on the basis of the legitimate interest for the aforementioned purposes. The data gathered in this manner from the user is anonymised via technical precautions. The attribution of this data to specific persons is not possible. The data is not saved together with other personal data. The user has the right for reasons arising from their personal situation to withdraw their consent to the processing of this personal data as conducted in accordance with Art. 6 (1) of the GDPR. Cookies are saved on the user's computer. By altering the technical settings of their internet browser, the user can prevent the saving of cookies and the transferral of data. Cookies that have already been saved can be deleted at any time. The deletion of all saved cookies may result in a situation where the user can no longer make full use of all the functions available on our website.
The following links provide further information regarding the management as well as deactivation of cookies on major internet browsers:
Usage of Google Analytics
On our website we use the website analysis service Google Analytics from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Processing serves the purpose of analysing the website and its visitors. To this end and on behalf of the website operator, Google uses the acquired information to analyse the user's interaction with the website, to compile reports on website activities, and to render other services pertinent to the use of the website and internet. The IP address transferred by the user's internet browser to Google Analytics is not combined with other data.
By altering the technical settings of their internet browser, the user can prevent the saving of cookies and the transferral of data. Cookies that have already been saved can be deleted at any time. The deletion of all saved cookies may result in a situation where the user can no longer make full use of all the functions available on our website.
The user can prevent the collection of data by cookies relating to interaction with the website (including their IP address) and the processing of this data by Google, by installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.
To prevent the collection of data by google analytics across devices, the user can put an opt-out cookie in place. Opt-out cookies prevent the future collection of data when visiting a website. This form of opt-out must be implemented across all devices so that it works comprehensively. To manage your cookie preferences, please click here and then on “Settings”.
https://marketingplatform.google.com/about/analytics/terms/us/ or here https://policies.google.com/?hl=en.
Use of the Remarketing or "Similar Audiences" Function by Google Inc.
On our website, we use the remarketing or "Similar Audiences" function by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This function serves the purpose of analysing visitor behaviour and interests.
User data is transferred to the USA where applicable. The European Commission has issued an Adequacy Decision (2016) on the level of protection for personal data in the USA.
Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of legitimate interest in reaching out to visitors with targeted advertising by displaying personalised and interest-based advertisements to users of the Sunday website when they visit other websites in the Google Display Network.
The user has the right for reasons arising from their personal situation to withdraw their consent to the processing of this personal data as conducted in accordance with Art. 6 (1) of the GDPR.
Use of Google AdWords Conversion Tracking
On our website, we use the online marketing programme Google AdWords as well as conversion tracking within this scope. Google conversion tracking is an analysis service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When a user clicks on an advertisement displayed by Google, a cookie is placed on the user's computer for conversion tracking. These cookies have limited validity and contain no personal data, and therefore do not serve to personally identify users. When a user visits certain pages on our website and the cookie has not yet expired, then Google can recognise that the user clicked on an advertisement and was redirected to the website. Every Google AdWords customer receives a different cookie. It is therefore not possible for cookies to be traced across websites by Google AdWords customers.
The information which is retrieved with the help of the conversion cookie serves the purpose of producing conversion statistics. These statistics allow us to discover the total number of users who have clicked on an advertisement and been redirected to a site with a conversion tracking tag. We do not, however, receive any information that can be personally attributed to a specific user. Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of legitimate interest in targeted advertising and the analysis of the effect and efficiency of this advertising.
The user has the right for reasons arising from their personal situation to withdraw their consent to the processing of this personal data as conducted in accordance with Art. 6 (1) of the GDPR.
By altering the technical settings of their internet browser, the user can prevent the saving of cookies and the transferral of data. The deactivation of cookies may result in a situation where the user can no longer make full use of all the functions available on our website. The user will not be included in the conversion tracking statistics.
Use of DoubleClick by Google
Use of Google Optimize
Likewise, we may use the service Google Optimize. Google Optimize allows us, within the framework of so-called "A/B tests", to better understand the impact of changes to our website (for example to input fields, design, etc.). For these testing purposes, cookies are placed on the user's devices. Collected data is anonymous.
Use of Google Tag Manager
We can also use Google Tag Manager to manage and incorporate Google analyses and marketing services into our website.
Interest-based advertising from Google marketing services can be deactivated via personal Google settings and opt-out options here: http://www.google.com/ads/preferences.
Use of Facebook Remarketing
We use the Custom Audience remarketing option provided by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; "Facebook") on our website.
This function serves the purpose of reaching out to website visitors with interest-based advertisements on the social networking site Facebook. To this end, the remarketing tag from Facebook has been implemented on the website. Via this tag, a direct connection to Facebook's servers is established when visiting the website. Information regarding which of our pages a user has visited is transferred to the Facebook servers. Facebook attributes this information to the user's personal Facebook account. When a user visits Facebook, personalised, interest-based advertisements are displayed. Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of legitimate interest in a needs-oriented and targeted website design. In accordance with (1) of the GDPR, the user has the right to withdraw their consent to the processing of this personal data for reasons arising from their personal situation. Accordingly, it is possible to deactivate the Custom Audience remarketing function. Further information about the collection and use of data via Facebook as well as policy, rights and settings for protecting privacy on Facebook can be found here: https://www.facebook.com/about/privacy/.
Integration des Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated into this site so as to display the Trusted Shops Quality Seal as well as to offer Trusted Shops membership to customers following an order.
The incorporation of the Trustbadge facilitates our legitimate interest in guaranteeing optimal marketing of our offerings in accordance with Art. 6 (1) of the GDPR. The Trustbadge and the services garnered through it are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823, Cologne, Germany.
By accessing the Trustbadge, the web server automatically saves a so-called server log file that contains the user's IP address, date, time of access, data volume transferred, and the requesting service provider (access data), and documents the access. This access data is not analysed and is automatically overwritten at the latest 7 days after the end of the user's visit to the site.
Other personal data is only transferred to Trusted Shops if the user has consented and chosen to use a service from Trusted Shops after completion of an order, or has already registered for the use of Trusted Shops.
Distribution of Review Reminders by Email
Review Reminders from Trusted Shops
Insofar as the user during or after their order provides their express consent in accordance with Art. 6 (1) of the GDPR, we will share their email address with Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.co.uk), so that Trusted Shops can send the user a review reminder via email.
The user can withdraw their consent at any time by sending a message to Sunday via the contact information available in our imprint or directly from Trusted Shops.
Use of Amazon Web Services
For email hosting, we use the service Amazon Simply Email Service ("SES") by Amazon Web Services, Inc. (AWS; P.O. Box 81226, Seattle, WA 98108-1226, USA). The data is stored exclusively in a European (EU) data centre. We have strictly limited access rights and the data is automatically encrypted. AWS has joined the EU-US Privacy Shield agreement. Further information about AWS can be found here: https://aws.amazon.com/compliance/eu-data-protection/?nc1=h_ls and here: https://aws.amazon.com/privacy/?nc1=h_ls.
Use of YouTube
On our website we use the embedding function for YouTube videos from YouTube LLC. (901 Cherry Ave., San Bruno, CA 94066, USA; "YouTube"). YouTube is a subsidiary of Alphabet Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), which also owns Google.
This function displays YouTube videos in an iFrame on the website. The option "advanced data protection mode" is activated, which means that YouTube does not store any information about visitors to the website. Only when a user watches a video is information about it transferred to YouTube and stored there.
Further information about the gathering and usage of data by YouTube and Google, as well as policy, rights and settings for privacy protection on YouTube can be found here: https://policies.google.com/privacy?hl=en.
Use of Zendesk
Use of Taboola
Use of Exponea
For our website, we use the services of Exponea DE GmbH (Kemperplatz 1, 10785 Berlin, Germany) to support online marketing measures and for the purpose of website and visitor analytics. To this end cookies may be saved on the user's computer. By altering the technical settings of their internet browser, the user can prevent the saving of cookies. We also use Exponea to enable the distribution of marketing emails. The user can unsubscribe from these emails at any time by using the link provided in the email. Personal data is used for the purpose of targeted email and online marketing. Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of our legitimate interest for the aforementioned purposes. The user has the right to withdraw their consent to this processing at any time.
Duration of Storage
After the contract has been concluded, data is stored for the duration of the guarantee and thereafter in respect to regulatory requirements, including the retention period for tax and commercial register purposes. After the conclusion of this period, the data is deleted, unless the user has consented to their continued use.
In order to measure the effects of our TV spots through the use of our websites, we use Motion Media Analytics from CND (CND Motion Media GmbH, Holzstr. 2, 80469 Munich, Germany). The CND tracking script generally works without cookies. With your consent and on our behalf, CND sets a session cookie to register all page requests as well as a cookie with the time of your first visit, which is deleted after 28 days.
Within the scope of the survey, users are recorded as a statistical variable. That is, visitor events are recorded for purely statistical purposes. All IP addresses and hashed email addresses collected in the process are therefore anonymised. No personal data is collected or permanently stored by CND. It is therefore impossible to retrieve any data about individual households or persons.
We have concluded an order processing contract with CND. The legal basis for the use of CND can be found in Art. 6 para. 1 point (a) as well as in Art. 6 para. 1 point (f) of the GDPR. You can find more information about the service provider at: www.cnd-motionmedia.de.
If you would like to prevent CND from collecting data during your visit to our websites, you may deactivate CND directly with the provider using the following link: https://analytics.cnd-motionmedia.de/web/function/optout
Right of Appeal
Insofar as we process personal data as described above to facilitate our legitimate interests, the user has the right to withdraw their consent with effect for the future. If the data processing takes place for the purpose of direct marketing, the user can exercise this right at any time as described above. Insofar as the processing takes place for other purposes, right of appeal only applies for reasons arising from their personal situation.
After the user exercises their right of appeal, we will no longer process data for these purposes unless we can prove compelling reasons for processing which outweigh the user's interests, rights, or freedoms, or when the processing of data serves the enforcement, exercise, or defense of legal claims.
The former does not apply to the processing of data for direct marketing purposes, in which case we will no longer process personal data for this purpose.
Rights of the Person Concerned
In the case that the legal requirements are met, the user has the following rights in accordance with articles 15-20 of the GDPR: right to disclosure, right to deletion, right to restriction of processing, and right to data portability.
According to Art. 21 (1) of the GDPR, the user has the right to appeal against the processing of data in accordance with Art. 6 (1) f of the GDPR, as well as against the processing of data for the purpose of direct marketing.
The user can contact Sunday at any time. The contact information pertaining to data privacy is as follows:
Contact Person for Data Privacy and Data Protection Officer:
In case of questions concerning the collection, processing, or use of personal data, for disclosure, rectification, blocking, or deletion of data, as well as for the withdrawal of consent, please contact:
HB E-Commerce Rechtsanwaltsgesellschaft mbH
Arcus Park Haus B
Torgauer Straße 233
Right of Appeal to the Regulatory Authority
The user has the right in accordance with Art. 77 of the GDPR to file a complaint with the regulatory authority if the user is of the opinion that the processing of their personal data has not taken place lawfully.
Responsible for Personal Data
Sunday Natural Products GmbH
Potsdamer Straße 83
Executive Directors: Robert Bosch, Anja Graw, Szymon Zwierzynski, Mathias Trilk, Roman Huber, Raimund Reisinger
Listed in the Commercial Register of the District Court of Berlin-Charlottenburg: HRB 152621 B
last updated: 23.05.2018