Personal data are all data with which you can be personally identified. Our website can generally be used without providing any personal data. If you would like to use special services from us via our website, it may be necessary to process personal data (e.g. when ordering our products). We generally obtain your consent if the processing of personal data is necessary and there is no legal basis for such processing. The collection and processing of personal data, such as your name, address or email address, is always carried out in accordance with the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
Responsible person and contact to the data protection officer
Perla Health GmbH is responsible for the processing of your personal data when you visit our website. You can reach us at the following address:
Perla Health GmbH
If you have any questions about our data protection guidelines or would like to exercise your rights, you can contact our data protection officer at any time:
You can contact a supervisory authority with a complaint at any time, e.g. B. to the competent supervisory authority of your federal state or to the authority responsible for us as the responsible body.
Here is a list of regulators (for the non-public area): https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html .
How and what data we collect and what for
We collect data from various sources and interactions with you. The most important are:
- Data that you provide to us. This takes place, for example, when you fill out forms, correspond with us (e.g. via post, e-mail or social media), register for our newsletter, create a customer account, order products, or submit comments or ratings.
- Data that we receive automatically. When you visit our website or click on our advertising on third party sites (e.g. social media), we receive technical data such as technical equipment or search patterns.
- Data that third-party providers transmit to us. This includes, for example, data from service providers who enable e-commerce activities, analytics providers, advertising networks and search information providers, and from your friends whom you have referred to us via “Recommend a friend”.
This concerns both personal data and data that do not allow any conclusions to be drawn about a person (aggregated data and anonymous data). Here is a selection with examples of personal data that we store when you provide it to us:
- Identity data: first name, last name, date of birth, user name
- Contact details: billing address, email address
- Financial data: payment cards, direct debit
- Transaction data: products that you have purchased from us
- Profile data: user name, orders, feedback
- Technical data: IP address, browser type, operating system
- Usage data: How you use our website
- Tracking data including cookies
- Marketing and communication data: communication preferences
We only use your personal data when the law allows it. We will typically use your personal data in the following cases:
- Fulfillment of the contract. For example, if you buy our products, this is a contract between you and us under which we will deliver the products to you.
- Legitimate interest. If it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not outweigh these interests. An example of this is fraud monitoring as part of the payment process or the security of our website.
- Regulation and laws. For example, keeping records of our sales for tax compliance.
We do not rely on consent as a legal basis for processing your personal data, unless this is required by law. As far as our legal basis is consent, you have the right to revoke it at any time.
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner).
In order to conclude a contract, it may sometimes be necessary for you to provide us with personal data that we subsequently have to process. Failure to provide personal data would mean that the contract with you could not be concluded.
Cookies are small text files that are saved using your browser. Cookies are often used and serve to enable or optimize the operation of websites and to provide information to the operator of the website. Cookies help us to make our website more attractive, to make it more secure and to continuously improve it. No credit / debit card information or passwords are stored on our cookies.
We use the following categories of cookies:
- Absolutely necessary cookies. These cookies are necessary for the website to function properly. These include, for example, cookies that enable you to log in, use a shopping cart or make secure payments.
- Analytics / performance cookies. These cookies enable us to determine the number of visitors and to find out which website elements they call up. This helps us to improve the way our website works, for example by For example, make sure users can easily find what they are looking for.
- Functional cookies. These cookies are used so that we can recognize you when you visit our website again. We can use it to personalize our content for you, greet you by name and remember your preferences (e.g. your choice of language or region). And we can tell whether there are still products in your shopping cart if you have left the website without logging out.
- Targeting cookies. These cookies store your visit to our website, the web pages you have visited and the links you have followed. We use this information to make our website relevant to your interests and for advertising and retargeting purposes. We can also pass this information on to third parties for this purpose.
Please note - if you delete cookies, this has two effects:
- We will no longer know that you rejected online behavioral advertising. Our advertising will therefore continue to be displayed on other websites.
- We no longer automatically recognize all of the website preferences you have set.
Browsers differ in the way they manage cookies. The following links provide information on various browsers and how they handle cookies. Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Automatic acquisition of technical data
For security reasons and to protect the transmission of personal data and other confidential content, we use an SSL or. TLS encryption. You can recognize an encrypted connection by the character string "https: //" and the lock symbol in your browser.
If you only use our website for informational purposes, i.e. if you do not register or provide us with other information, we collect a range of general data and information that your browser sends to us (so-called "server log files"). Browser types and versions, operating system, the website from which the system came to our website (“referrer”), sub-websites that are accessed via a system on our website, date and time, Internet protocol address, can be recorded. Amount of data sent, Internet service providers and other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
The processing takes place in accordance with Art. 6 Para. 1 lit.f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. When using this general data and information, we do not draw any conclusions about the accessing person. This information is required to correctly deliver the content of our website, to optimize the content of our website and its advertising, to ensure the long-term functionality of our information technology systems and the technology of our website and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated statistically on the one hand and with the aim of increasing data protection and data security in our company on the other. The anonymous data in the server log files are stored separately from personal data. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
Our contact form
If you contact us using the contact form, your data will be collected and processed by our hosting service provider Shopify (https://www.shopify.de) and forwarded to us by email. Which data we collect can be seen from the respective form and we use this data exclusively to answer your request or to contact you and the associated administration. The legal basis for processing this data is our legitimate interest in answering your request (Art. 6 Para. 1 lit.f GDPR). If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 Para. 1 lit. b GDPR. After your request has been processed, the information will be deleted from the contact form, provided there are no statutory retention requirements and if you have not consented to further processing and use.
Registration for the website and the customer account
You have the option of opening a customer account with us by providing personal data. Which data we collect can be seen from the respective form. We also collect personal data if you provide us with this in order to execute a contract.
Your collected personal data will be collected and stored by us for internal use and for our own purposes, including to improve your shopping experience, to process your order and to make the information available. Your registration by voluntarily providing personal data enables us to offer you content or services that, due to the nature of the matter, can only be offered to registered users. We can arrange for it to be passed on to contract processors (e.g. parcel service providers) who also use your personal data exclusively for their internal use (legal basis: Art. 6 Para. 1 lit. b GDPR).
You can change or completely delete your data and your account with us at any time - just write us an email. Your data will then be blocked with due regard to tax and commercial retention periods and deleted from the database after these periods have expired. Upon request, we will provide you with information at any time about which personal data is stored about you.
Newsletter and direct mail
We offer you to subscribe to our newsletter on our website. Which data we collect for this can be seen from the respective form. The newsletter is sent out regularly and contains information about our company, news and current offers. You can only receive our newsletter if you enter your valid e-mail address (mandatory) and you register to receive the newsletter. We use further data that you provide in order to be able to address you personally.
We use the double opt-in procedure for sending the newsletter: We will only send you the newsletter if you have expressly confirmed to us that you would like to be included in the mailing list. We will send you a confirmation e-mail for this and ask you to click on a corresponding link to confirm that you would like to receive our newsletter and that we are therefore allowed to use your data in accordance with Art. 6 Para. 1 lit. a GDPR. When you register, we save the IP address entered by the Internet Service Provider (ISP), as well as the date and time of registration in order to be able to trace any possible misuse at a later point in time. The data collected by us when registering for the newsletter will only be used for advertising purposes via the newsletter.
You can unsubscribe from our newsletter at any time via a link in the newsletter itself or by sending us a message. After you unsubscribe, your address will be deleted from our mailing list, unless you have expressly consented to further data use or we reserve the right to use data legally.
If you have given us your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services by e-mail. For this we do not need any separate consent in accordance with Section 7 (3) UWG and the data processing takes place solely on the basis of our legitimate interest in personalized direct mail in accordance with Art. 6 (1) lit.f GDPR. If you have initially objected to this use, no dispatch will take place.
To send the newsletter, your data will be passed on to a service provider for email marketing as part of order processing. It will not be passed on to other third parties. Your data will be transmitted to a third country for which the European Commission has issued an adequacy decision. This transfer takes place in accordance with Article 6 (1) (f) GDPR and serves our legitimate interest in using an effective, secure and user-friendly newsletter system.
Our newsletters contain miniature graphics (“tracking pixels”) to enable log file recording and log file analysis. This enables us to carry out statistical evaluations of the success of our campaigns. Among other things, we can see if and when you opened our e-mail and which links it contained were accessed. This collected personal data is stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests. These personal data will not be passed on to third parties. You can revoke your declaration of consent given in this regard at any time. After your revocation, we will delete your personal data. We automatically interpret unsubscribing from the newsletter as a revocation.
We use direct mail to address our customers and use your first and last name and postal address in accordance with our legitimate interest in personalized direct mail (Art. 6 Para. 1 lit. f GDPR) to send news, information and offers by post. You can object to this storage and use of your data for this purpose at any time by sending a message to us.
If items are temporarily unavailable, our e-mail notification service for goods availability allows us to inform you of the time of availability by e-mail. If you register for this, we will send you a one-time message about the availability of the selected item. We use the double opt-in procedure to send the notification: We will only send you the notification if you have expressly confirmed to us that you would like to receive it. We will send you a confirmation e-mail for this and ask you to confirm by clicking on a corresponding link that you would like to receive our notification and that we are therefore allowed to use your data in accordance with Art. 6 Para. 1 lit. a GDPR. When you register, we save the IP address entered by the Internet Service Provider (ISP), as well as the date and time of registration in order to be able to trace any possible misuse at a later point in time.
On our website, we offer you the opportunity to leave your individual comments on certain articles, products and services. If you leave your comment there, in addition to your comments, data on the time and user name (pseudonym) will be saved and published. We log your IP address assigned by the Internet service provider (ISP) for security reasons and in the event that you violate the rights of third parties or post illegal content by submitting a comment. The storage of this personal data is therefore in our own interest so that we can exculpate ourselves in the event of a violation of the law. This collected personal data will not be passed on to third parties unless such a transfer is required by law or serves our legal defense.
Duration of data retention and international transfer
We have strict security measures to prevent the destruction, loss, alteration or unauthorized disclosure of or unauthorized access to personal data. In addition, we limit access to personal information to employees, agents, contractors and other third parties who need it for business purposes. They will only process your personal data on our instructions and are subject to confidentiality. We have put in place procedures that are used in the event of a suspected personal data breach and will notify you and the relevant authorities of a breach if we are legally obliged to do so.
We process and store your personal data only for the period that is necessary to achieve the storage purpose or if this has been provided for by the European directives and regulations or another legislator in laws or regulations to which the person responsible for the processing is subject. If the storage purpose no longer applies or if a storage period prescribed by the European directives and ordinances or another responsible legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After the period has expired, the relevant data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.
For the processing of your data, we also use service providers who are located in third countries outside the European Union, so that your personal data are transmitted to a third country outside the EU for processing. If this data leaves the EU during transmission, we ensure that the same level of protection applies and that we comply with the General Data Protection Regulation.
You have certain rights in relation to your personal data under the General Data Protection Regulation.
- Right of providing information. You have the right to receive a copy of the personal data stored about you and to check whether we are lawfully processing it.
- Right to rectification. You have the right to have incomplete or incorrect data that we have stored about you corrected, although we may have to check the correctness of the new data.
- Right to cancellation. This allows you to ask us to delete or remove personal data if there is no good reason to continue processing it. You also have the right to request that we delete or remove your personal data if you have successfully exercised your right of objection, if we have processed your data unlawfully or if we have to delete your personal data in order to comply with local legal requirements. However, we will not always be able to comply with your request for deletion if there are legal reasons to the contrary, about which we will inform you at the time of the request.
- Right to object. You have the right to object to the lawful processing of your personal data by us (or by a third party) for reasons that arise from your particular situation if you are of the opinion that this affects your fundamental rights and freedoms. You also have the right to object if we process your personal data for direct marketing purposes. In some cases, however, we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms.
- Right to restriction of processing. With this right, you can demand that we restrict the processing of personal data if one of the following conditions is met: (a) if you want us to check the accuracy of the data; (b) if our use of the data is unlawful but you do not want us to delete it; (c) if you want us to store the data to assert, exercise or defend legal claims, although we no longer need it, or (d) if you have objected to our use of your data, but we have to check whether we can have overriding, legitimate reasons for the processing.
- Right to data portability. We will provide you or a third party named by you with your personal data in a structured, common and machine-readable format. This right only applies to automated information that you originally gave us your consent to use or that we used to fulfill a contract concluded with you.
- Right to withdraw consent. In cases in which we depend on your consent to process your personal data, you can revoke this consent at any time. However, this has not affected the legality of the processing carried out on the basis of the consent up to the point of revocation. If you withdraw your consent, we may not be able to provide you with certain products or services. We will let you know if this is the case if you withdraw your consent.
If you would like to exercise one of the above rights, please contact us at any time! We may need to request specific information from you to confirm your identity and to guarantee your right to access your personal data (or to exercise other rights). This is a security measure to ensure that personal data is not disclosed to anyone who has no right to do so. According to Art. 77 GDPR, you also have the right to complain to the supervisory authority if you are of the opinion that the processing of your personal data is not lawful.
Third party providers
On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity and provide us with other related services. Your transmitted IP address will not be merged with other Google data. You can prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website. You can also prevent the collection of the data generated by the cookie and related to your use of the website and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google. com / dlpage / gaoptout? hl = de
As far as legally required, we have obtained your consent in accordance with Article 6 (1) (a) GDPR. You can revoke this consent at any time with effect for the future. You can find more information about Google Analytics here:
Google Ads remarketing
Any further data processing will only take place if you have agreed to Google that your internet and app browser history will be linked to your Google account and that this information may be used to personalize advertisements. In this case, if you are logged in to Google at the same time as you visit our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data in order to form target groups. When using Google Remarketing, personal data may also be transmitted to the servers of Google LLC in the USA.
You can permanently deactivate this setting by downloading and installing the browser plug-in available under the following link: https://www.google.com/settings/ads/onweb/
If you reject cookies, the functionality of our website may be restricted.
As far as legally required, we have obtained your consent in accordance with Article 6 (1) (a) GDPR. You can revoke this consent at any time with effect for the future.
You can find more information on Google (Universal) Analytics here: https://www.google.com/policies/technologies/ads/
We use an embedding function to display and play videos on “Youtube”, which belongs to Google Ireland Ltd., Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
You can find more information on data protection at Google here: https://www.google.de/intl/de/policies/privacy
Google Ads Conversion
We use the “Custom Audiences” function from Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”).
This function is used to target visitors to the website with interest-based advertising on the Facebook social network.
For this purpose, the Facebook remarketing tag was implemented on the website. A direct connection to Facebook is established via this tag when you visit the website. This tells Facebook which of our pages you have visited and Facebook assigns this information to your personal Facebook user account.
If you click on a Facebook button integrated on our website, for example the "Like" button, or if you leave a Facebook comment, Facebook will assign this information to your Facebook account and save this personal data. When you visit Facebook, personalized, interest-based Facebook ads are displayed. The processing takes place on the basis of Art. 6 (1) lit.f GDPR from the legitimate interest in the above-mentioned purpose. If you do not want this transmission to Facebook, it can prevent the transmission by logging out of your Facebook account before calling up our website. You have the right to object to this processing of your personal data based on Art. 6 (1) f GDPR at any time.
Further information on data protection on Facebook can be found here: https://www.facebook.com/about/privacy/ .
We use components from Instagram on our website. The operating company for Instagram services is Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
When you visit our website, Instagram stores cookies. If you are logged in to Instagram at the same time, Instagram recognizes the call to our website and the duration of your stay on our website and which specific sub-pages you are visiting. This information is assigned to your Instagram account. If you click one of the Instagram buttons integrated on our website, the data and information transferred will be assigned to your Instagram user account and saved and processed by Instagram.
Instagram always receives information if you are logged into Instagram at the same time as you visit our website; this takes place regardless of whether you click on the Instagram component.
If you do not want this transmission to Instagram, it can prevent the transmission by logging out of your Instagram account before visiting our website. You have the right to object to this processing of your personal data based on Art. 6 (1) f GDPR at any time.
You can find more information on data protection at Instagram here: https://www.instagram.com/about/legal/privacy/.
Art. 6 I lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfill a contract to which you are a party, the processing is based on Art. 6 I lit. b GDPR. The same applies to those processes that are necessary to carry out pre-contractual measures, for example in cases of product inquiries. If our company is subject to a legal obligation that requires the processing of personal data, for example to fulfill tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, it may be necessary to process personal data in order to protect the vital interests of the data subject or another natural person. Then the processing would be based on Art. 6 I lit. d GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the person concerned do not prevail. We are particularly permitted to carry out such processing operations because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the person concerned is a customer of the person responsible (recital 47 sentence 2 GDPR).
If you send us an application, we will process your personal data including the information from your résumé to carry out the application process. The legal basis for processing is Article 6 (1) (b) GDPR. Your data can also be processed by our service provider. Your data will be deleted 6 months after the application process has ended.