Go Back

Privacy Policy

Introduction

Sunday Natural ensures that the user's privacy is maintained while using Sunday's services. For this reason, we have crafted a data privacy policy that explains how personal user data is processed and protected. Any changes to this policy can be viewed online on our website at any time.

As far as is not stated below, the provision of personal data is neither legally nor contractually mandatory, nor a prerequisite for the conclusion of a contract. The user is not obligated to provide data. A non-provision has no consequences. These conditions are valid only insofar as no other provisions are described below in accordance with processing operations.
"Personal data" refers to all information that is related to an identified or identifiable natural person.

Server Log Files

Users can visit our website without providing personal information. With each visit to our website, user data is transmitted from the user's internet browser and saved in Sunday's protocol data (server log files). Among the saved data are the name of the visited site, date, time of visit, data volume transferred, and the requesting provider. The data serves exclusively to guarantee unobstructed use of our website and to improve our services. The attribution of this data to specific persons is not possible.

Customer Account

When a user opens a customer account, we gather the user's personal data to the extent specified. Data processing serves the purpose of improving the user's shopping experience and simplifying the order transaction. Processing takes place in accordance with Art. 6 (1) of the General Data Protection Regulation (GDPR) and with the user's consent. The user can withdraw their consent at any time by contacting us; the legality of data processing from the point of initial consent and revocation of consent is not affected. The user account account is then deleted.

Collection, Processing, and Use of Personal Data for Orders

When an order is placed, we utilise the user's personal data only insofar as this data is required for the fulfilment and handling of the order as well as for the processing of user requests. The provision of data is required for the conclusion of the contract. The non-provision of data carries the consequence that no contract can be concluded. Processing takes place in accordance with Art. 6 (1) of the GDPR and is absolutely required for the fulfilment of a contract with the user. The transferral of personal data to third parties does not take place without the user's explicit consent. Exceptions to this rule include only our service partners who are necessary for the conclusion of the contractual relationship or whose services we require within the framework of processing the order. In addition to the recipients disclosed in the clauses of this data privacy policy, other recipients belong to the following categories: shipping services, payment services, product management services, debt collector services, order processing service providers, web hosts, and IT service providers. In all cases, we strictly follow legal requirements. The scope of data transfer is limited to a minimum.

In order to offer Klarna's payment methods, we must provide the user's personal data at checkout in the form of contact and order data to Klarna so that Klarna can determine whether the user qualifies for these payment methods and whether these payment methods can be modified for the user. User data transferred to Klarna is processed in accordance with Klarna's privacy policy.

Web Hosting Services via a Third Party Provider

A third party provides Sunday with the services of hosting and presenting the website, including processing, on our behalf. This service facilitates our legitimate interest in guaranteeing an accurate representation of our offerings. All data, which is gathered as described below within the framework of using the website, or collected via provided forms in the online shop, is processed on the service provider's servers. Processing on other servers only occurs within the scope described here.

The service provider is based in Germany.

Use of Email and Mailing Address for Direct Advertising

We utilise the user's email and mailing address received in the course of selling goods or services for the electronic and physical mailing of advertising for our own goods or services that are similar to those already acquired by the user, so long as the user has not declined such usage of their data. The provision of an email and mailing address is required for the conclusion of a contract. The non-provision of data carries the consequence that no contract can be concluded. Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of legitimate interest in direct advertising. The user can withdraw their consent to advertising at any time by contacting us via the contact information provided in our imprint. The user can also use the provided link in the advertisement email to unsubscribe. There are no additional costs for this service beyond the necessary transmission costs.

Transferral of Email Addresses to Delivery Services for Shipping Status Information

The transferral serves the purpose of permitting the user to access shipping status. Processing takes place in accordance with Art. 6 (1) of the General Data Protection Regulation (GDPR) and the user's consent. The user can withdraw their consent at any time by contacting us or the delivery service; the legality of data processing from the point of initial consent and revocation of consent is not affected.

Use of PayPal

All PayPal transactions are subject to PayPal's privacy policy. This policy is accessible here: https://www.paypal.com/uk/home.

Cookies

Our website uses cookies. Cookies are small text files saved in the internet browser, i.e. by the internet browser onto the computer system of the user. If a user visits a website, a cookie can be saved on the user's operating system. The cookie includes a characteristic sequence that enables a unique identification of the browser when revisiting the website. We use cookies for the purpose of making our offerings more user friendly, effective, and safe. Additionally, cookies enable our systems to recognise the user's browser after changing pages, and to offer services. Some of the functions of our website cannot be offered without the use of cookies. For such services it is necessary that the browser can be recognised after changing pages.

We also use cookies on our website for the purpose of analysing the surfing behaviour of our visitors.
Additionally, we use cookies for the purpose of reaching out to visitors with targeted, interest-based advertising on other websites.

Processing takes place in accordance with § 15 (3) of the German "Telemedien Gesetz" (TMG, Telemedia Law) as well as Art. 6 (1) of the GDPR on the basis of the legitimate interest for the aforementioned purposes. The data gathered in this manner from the user is anonymised via technical precautions. The attribution of this data to specific persons is not possible. The data is not saved together with other personal data. The user has the right for reasons arising from their personal situation to withdraw their consent to the processing of this personal data as conducted in accordance with Art. 6 (1) of the GDPR. Cookies are saved on the user's computer. By altering the technical settings of their internet browser, the user can prevent the saving of cookies and the transferral of data. Cookies that have already been saved can be deleted at any time. The deletion of all saved cookies may result in a situation where the user can no longer make full use of all the functions available on our website.
The following links provide further information regarding the management as well as deactivation of cookies on major internet browsers:

Chrome Browser
Internet Explorer
Mozilla Firefox
Safari

Usage of Google Analytics

On our website we use the website analysis service Google Analytics from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Processing serves the purpose of analysing the website and its visitors. To this end and on behalf of the website operator, Google uses the acquired information to analyse the user's interaction with the website, to compile reports on website activities, and to render other services pertinent to the use of the website and internet. The IP address transferred by the user's internet browser to Google Analytics is not combined with other data.

By altering the technical settings of their internet browser, the user can prevent the saving of cookies and the transferral of data. Cookies that have already been saved can be deleted at any time. The deletion of all saved cookies may result in a situation where the user can no longer make full use of all the functions available on our website.

The user can prevent the collection of data by cookies relating to interaction with the website (including their IP address) and the processing of this data by Google, by installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout?hl=en.

To prevent the collection of data by google analytics across devices, the user can put an opt-out cookie in place. Opt-out cookies prevent the future collection of data when visiting a website. This form of opt-out must be implemented across all devices so that it works comprehensively. To manage your cookie preferences, please click here and then on “Settings”.

Further information regarding terms of use and data protection can be found here:
https://marketingplatform.google.com/about/analytics/terms/us/ or here https://policies.google.com/?hl=en.

Use of the Remarketing or "Similar Audiences" Function by Google Inc.

On our website, we use the remarketing or "Similar Audiences" function by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). This function serves the purpose of analysing visitor behaviour and interests.

Google uses cookies to carry out the analysis of website usage, which forms the basis for the production of interest-based advertising. Visits to the website as well as anonymised data about the usage of the website are gathered via cookies. No personal data about the users of the website is stored. When a user visits another website in the Google Display Network, they will be shown advertising that takes into consideration previously viewed product categories and areas of information.

User data is transferred to the USA where applicable. The European Commission has issued an Adequacy Decision (2016) on the level of protection for personal data in the USA.

Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of legitimate interest in reaching out to visitors with targeted advertising by displaying personalised and interest-based advertisements to users of the Sunday website when they visit other websites in the Google Display Network.

The user has the right for reasons arising from their personal situation to withdraw their consent to the processing of this personal data as conducted in accordance with Art. 6 (1) of the GDPR.

Users can permanently deactivate the use of cookies by Google by installing the plug-in available here. Alternatively, users can deactivate the use of cookies by third parties by visiting the deactivation page of the Network Advertising Initiative and managing their opt-outs.

Further information about Google remarketing and the relevant privacy policy can be found here: https://policies.google.com/technologies/ads?hl=en

Use of Google AdWords Conversion Tracking

On our website, we use the online marketing programme Google AdWords as well as conversion tracking within this scope. Google conversion tracking is an analysis service by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). When a user clicks on an advertisement displayed by Google, a cookie is placed on the user's computer for conversion tracking. These cookies have limited validity and contain no personal data, and therefore do not serve to personally identify users. When a user visits certain pages on our website and the cookie has not yet expired, then Google can recognise that the user clicked on an advertisement and was redirected to the website. Every Google AdWords customer receives a different cookie. It is therefore not possible for cookies to be traced across websites by Google AdWords customers.
The information which is retrieved with the help of the conversion cookie serves the purpose of producing conversion statistics. These statistics allow us to discover the total number of users who have clicked on an advertisement and been redirected to a site with a conversion tracking tag. We do not, however, receive any information that can be personally attributed to a specific user. Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of legitimate interest in targeted advertising and the analysis of the effect and efficiency of this advertising.
The user has the right for reasons arising from their personal situation to withdraw their consent to the processing of this personal data as conducted in accordance with Art. 6 (1) of the GDPR.

By altering the technical settings of their internet browser, the user can prevent the saving of cookies and the transferral of data. The deactivation of cookies may result in a situation where the user can no longer make full use of all the functions available on our website. The user will not be included in the conversion tracking statistics.

Additionally, users can deactivate personalised advertising in the settings for Google Ads. Instructions can be found here. Alternatively, users can deactivate the use of cookies by third parties by visiting the deactivation page of the Network Advertising Initiative and managing their opt-outs.

Use of DoubleClick by Google

Using the Google marketing service DoubleClick allows us to integrate the advertisements of third parties. DoubleClick uses cookies which enable Google and its partner websites to display advertisements based on users' visits to this website or other internet websites.

Use of Google Optimize

Likewise, we may use the service Google Optimize. Google Optimize allows us, within the framework of so-called "A/B tests", to better understand the impact of changes to our website (for example to input fields, design, etc.). For these testing purposes, cookies are placed on the user's devices. Collected data is anonymous.

Use of Google Tag Manager

We can also use Google Tag Manager to manage and incorporate Google analyses and marketing services into our website.

Interest-based advertising from Google marketing services can be deactivated via personal Google settings and opt-out options here: http://www.google.com/ads/preferences.

Further information on Google's privacy policy can be found here: https://policies.google.com/privacy?hl=en

Use of Facebook Remarketing

We use the Custom Audience remarketing option provided by Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; "Facebook") on our website.

This function serves the purpose of reaching out to website visitors with interest-based advertisements on the social networking site Facebook. To this end, the remarketing tag from Facebook has been implemented on the website. Via this tag, a direct connection to Facebook's servers is established when visiting the website. Information regarding which of our pages a user has visited is transferred to the Facebook servers. Facebook attributes this information to the user's personal Facebook account. When a user visits Facebook, personalised, interest-based advertisements are displayed. Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of legitimate interest in a needs-oriented and targeted website design. In accordance with (1) of the GDPR, the user has the right to withdraw their consent to the processing of this personal data for reasons arising from their personal situation. Accordingly, it is possible to deactivate the Custom Audience remarketing function. Further information about the collection and use of data via Facebook as well as policy, rights and settings for protecting privacy on Facebook can be found here: https://www.facebook.com/about/privacy/.

Integration des Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated into this site so as to display the Trusted Shops Quality Seal as well as to offer Trusted Shops membership to customers following an order.

The incorporation of the Trustbadge facilitates our legitimate interest in guaranteeing optimal marketing of our offerings in accordance with Art. 6 (1) of the GDPR. The Trustbadge and the services garnered through it are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823, Cologne, Germany.

By accessing the Trustbadge, the web server automatically saves a so-called server log file that contains the user's IP address, date, time of access, data volume transferred, and the requesting service provider (access data), and documents the access. This access data is not analysed and is automatically overwritten at the latest 7 days after the end of the user's visit to the site.

Other personal data is only transferred to Trusted Shops if the user has consented and chosen to use a service from Trusted Shops after completion of an order, or has already registered for the use of Trusted Shops.

Distribution of Review Reminders by Email

Review Reminders from Trusted Shops

Insofar as the user during or after their order provides their express consent in accordance with Art. 6 (1) of the GDPR, we will share their email address with Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne (www.trustedshops.co.uk), so that Trusted Shops can send the user a review reminder via email.

The user can withdraw their consent at any time by sending a message to Sunday via the contact information available in our imprint or directly from Trusted Shops.

Use of Amazon Web Services

For email hosting, we use the service Amazon Simply Email Service ("SES") by Amazon Web Services, Inc. (AWS; P.O. Box 81226, Seattle, WA 98108-1226, USA). The data is stored exclusively in a European (EU) data centre. We have strictly limited access rights and the data is automatically encrypted. AWS has joined the EU-US Privacy Shield agreement. Further information about AWS can be found here: https://aws.amazon.com/compliance/eu-data-protection/?nc1=h_ls and here: https://aws.amazon.com/privacy/?nc1=h_ls.

Use of YouTube

On our website we use the embedding function for YouTube videos from YouTube LLC. (901 Cherry Ave., San Bruno, CA 94066, USA; "YouTube"). YouTube is a subsidiary of Alphabet Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA), which also owns Google.

This function displays YouTube videos in an iFrame on the website. The option "advanced data protection mode" is activated, which means that YouTube does not store any information about visitors to the website. Only when a user watches a video is information about it transferred to YouTube and stored there.

Further information about the gathering and usage of data by YouTube and Google, as well as policy, rights and settings for privacy protection on YouTube can be found here: https://policies.google.com/privacy?hl=en.

Use of Zendesk

We process customer requests and handle service communications with customers using a ticket system provided by Zendesk, Inc. (1019 Market Street, San Francisco, CA 94103, USA). Zendesk certifies compliance with the EU-US Privacy Shield and the International Safe Harbor Privacy Principles between the USA, EU and Switzerland. Further information regarding data processing by Zendesk can be found in Zendesk's data privacy policy: https://www.zendesk.com/company/customers-partners/privacy-policy/. Users can contact Zendesk with questions via Zendesk’s Global Privacy Counsel: EMEA & Global Privacy Counsel, Zendesk International Ltd., 55 Charlemont Place, Saint Kevin’s, Dublin, D02 F985, Ireland or by email at privacy@zendesk.com. Further information on data protection can be found at https://www.zendesk.com/company/agreements-and-terms/privacy-policy/.

Use of Taboola

We use the content discovery technology of Taboola to recommend other online content that could be of interest to users. Taboola collects, with the help of cookies and similar technology, information about the user's device and behaviour on our website and partner websites to generate these recommendations. Further information on Taboola's data privacy policy can be found here: https://www.taboola.com/policies/privacy-policy. Click here to opt out.

Use of Exponea

For our website, we use the services of Exponea DE GmbH (Kemperplatz 1, 10785 Berlin, Germany) to support online marketing measures and for the purpose of website and visitor analytics. To this end cookies may be saved on the user's computer. By altering the technical settings of their internet browser, the user can prevent the saving of cookies. We also use Exponea to enable the distribution of marketing emails. The user can unsubscribe from these emails at any time by using the link provided in the email. Personal data is used for the purpose of targeted email and online marketing. Processing takes place in accordance with Art. 6 (1) of the GDPR on the basis of our legitimate interest for the aforementioned purposes. The user has the right to withdraw their consent to this processing at any time.

Duration of Storage

After the contract has been concluded, data is stored for the duration of the guarantee and thereafter in respect to regulatory requirements, including the retention period for tax and commercial register purposes. After the conclusion of this period, the data is deleted, unless the user has consented to their continued use.

Right of Appeal

Insofar as we process personal data as described above to facilitate our legitimate interests, the user has the right to withdraw their consent with effect for the future. If the data processing takes place for the purpose of direct marketing, the user can exercise this right at any time as described above. Insofar as the processing takes place for other purposes, right of appeal only applies for reasons arising from their personal situation.

After the user exercises their right of appeal, we will no longer process data for these purposes unless we can prove compelling reasons for processing which outweigh the user's interests, rights, or freedoms, or when the processing of data serves the enforcement, exercise, or defense of legal claims.

The former does not apply to the processing of data for direct marketing purposes, in which case we will no longer process personal data for this purpose.

Rights of the Person Concerned

In the case that the legal requirements are met, the user has the following rights in accordance with articles 15-20 of the GDPR: right to disclosure, right to deletion, right to restriction of processing, and right to data portability.
According to Art. 21 (1) of the GDPR, the user has the right to appeal against the processing of data in accordance with Art. 6 (1) f of the GDPR, as well as against the processing of data for the purpose of direct marketing.

The user can contact Sunday at any time. The contact information pertaining to data privacy is as follows:

Contact Person for Data Privacy and Data Protection Officer:

In case of questions concerning the collection, processing, or use of personal data, for disclosure, rectification, blocking, or deletion of data, as well as for the withdrawal of consent, please contact:

HB E-Commerce Rechtsanwaltsgesellschaft mbH
Arcus Park Haus B
Torgauer Straße 233
04347 Leipzig
Germany
Email: datenschutz@sunday.de

Right of Appeal to the Regulatory Authority

The user has the right in accordance with Art. 77 of the GDPR to file a complaint with the regulatory authority if the user is of the opinion that the processing of their personal data has not taken place lawfully.

Responsible for Personal Data

Sunday Natural Products GmbH
Potsdamer Straße 83
10785 Berlin
Germany

Executive Directors: Robert Bosch, Anja Graw, Szymon Zwierzynski, Mathias Trilk

Listed in the Commercial Register of the District Court of Berlin-Charlottenburg: HRB 152621 B

last updated: 23.05.2018

Welcome! Which language would you like to use?

Loading...