Privacy Policy
Data protection policy
Many thanks for visiting our web page. Compliance with statutory data protection provisions is particularly important to us. The aim of this data protection policy is to inform you as the user of the website of the nature, scope and purpose of personal data processing and your existing rights, providing you are deemed a data subject as defined by Article 4 section 1 of the General Data Protection Regulation. The following data protection policy has already taken into account new developments in line with the General Data Protection Regulation (GDPR), which applies from 25.5.2018. At the same time, this policy also fulfils the hitherto applicable requirements of Article 13 of the German Federal Telemedia Act.
1. Controller
This website and the services offered are operated by
Weleda AG, Schwäbisch Gmünd
Branch of Weleda A.G. Arlesheim/Switzerland
Möhlerstraße 3
73525 Schwäbisch Gmünd
Germany
Tel.: +49 7171 919 0
Email: [email protected]
Website: www.weleda.de
Managing Directors: Dr Aldo Ammendola | Michael Brenner | Andreas Sommer
2. General information
We have developed the website in such a way as to ensure we collect as little data from you as possible. It is possible in principle to visit our website without entering any personal data. The processing of personal data is only necessary if you decide to use certain services (e.g. using the contact form). In doing so, we make sure at all times that we only process your personal data in accordance with a legal basis or consent given by you. We adhere to the provisions of the General Data Protection Regulation (GDPR), applicable from 25.5.2018, and the relevant applicable national regulations, such as the German Federal Data Protection Act, the German Federal Telemedia Act and other special legislation on data protection.
3. Definition
In accordance with GDPR, the terms used in this data protection policy are defined as follows:
‘personal data’ any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘processing’ any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘restriction of processing’ the marking of stored personal data with the aim of limiting their processing in the future;
‘pseudonymisation’ the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
‘controller’ the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘processor’ a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
‘recipient’ a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘third party’ a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
4. Consent
When you visit our website, we will sometimes collect certain personal data concerning you. We require your consent to do this. This takes place in the first instance in our dialogue and service area specifically when contact is made via a contact form, a newsletter is ordered, when booking queries are made, when our services are used (e.g. pregnancy calendar or subscription service).
Declaration of consent
By using the forms we provide, you thereby consent to us collecting the personal data you provide and processing it as indicated in this data protection policy. You may withdraw this consent at any time with effect for the future by providing us with a relevant statement. However, please note that it is no longer possible to use our service without your consent. To withdraw, please use the above methods of contact (in that instance, please state your name, email and postal address).
5. Purpose and legal basis of personal data processing
We process personal data required to legitimise, perform or process our service offering using Article 6, section 1b GDPR as our legal basis. If we use external service providers as part of commissioned data processing, the legal basis for the processing shall be Article 28 GDPR.
We collect, process and use the personal data exclusively for the following purposes:
Purpose of data processing | Legal basis for data processing (‘why is data processing required’) |
when contact is made and for related correspondence | based on your consent |
dealing with your request and to provide you with any additional advice you require | based on your consent |
sending our newsletter, the subscription service | based on your consent |
to ensure that our website is presented to you in the most effective and interesting way (e.g. through anonymised evaluation) | based on legitimate interests |
for technical implementation of our services | based on legitimate interests |
registration as a Weleda user; taking part in product reviews | based on your consent |
participation in competitions | based on your consent |
Please add additonal purposes if necessary |
6. Personal data collected and processed
We only collect and process your personal data when it is freely provided by you with your knowledge e.g. by completing forms or sending emails. This initially concerns the following data in the forms provided:
General contact information:
- Form of address
- First name
- Surname
- Telephone number
- Email address
- Street
- House number
- Postcode
- Town/city
- Request
- Message
Weleda newsletter:
- Form of address
- First name
- Surname
- Email address
- For pregnancy newsletter: Due date
Weleda subscription service:
- Form of address
- First name
- Surname
- Telephone number
- Email address
- Street
- House number
- Postcode
- Town/city
Weleda user account:
- Form of address
- First name
- Surname
- Email address
- Password
Weleda experience centre/events
- Date
- Number of people
- Company
- Form of address
- Title
- First name
- Surname
- Addition
- Telephone number
- Email address
- Street
- House number
- Postcode
- Town/city
- Notes
Please label obligatory fields with *
The personal data you provide and the content thereof shall remain exclusively with us and our associated companies. We shall only store and process your data for the purposes stated in clause 5. Any use beyond the indicated purpose requires your express consent. The same also applies to the transfer and transmission of your data to third parties.
7. General log files
The connection data for the querying computer (IP address), which of our pages you visit, the date and duration of your visit, the identification data of the browser and operating system type used, the web page you are visiting us from and successful access are temporarily recorded by the web server in protocol files (log files). Technical administration of web pages and anonymous collection of statistics allows evaluation of access to the Weleda service and evaluation aimed at improving data protection and data security within our company, in order to ultimately ensure an optimum level of protection for the personal data we process.
The server log file data is stored separately from all the personal data you enter for a period of 12 months for analytical purposes, before being erased.
8. Cookies
We use cookies and similar technologies in order to be able to offer you a personalised online experience. Please see our Cookie Overview. for more information on how Weleda uses cookies and similar technologies.
9. Social plugins
This website has integrated social media/social sharing functions. However, to protect web page users, Weleda has chosen to use Shariff script.
Weleda does not record any personal data through the social plugins or regarding their use itself. To prevent data from being transferred to service providers in the USA without your knowledge, Weleda uses what is known as the Shariff solution. This solution ensures that no personal data is passed on to the providers of the individual social plugins to begin with if you visit this website. Data can only be transferred to the service provider and stored there if you click on one of the social plugins.
For more information on the Shariff solution, please visit the web pages of its provider, Heise Medien GmbH & Co. KG:
www.heise.de
10. Newsletter
When you register for an email newsletter, Weleda requires your form of address, name and the email address the newsletter should be sent to. Any other information is provided voluntarily and is used to address you personally and to be able to personalize the newsletter and answer queries on the email address.
If you register for the newsletter on this web page, Weleda uses the data you enter exclusively for this purpose or to inform you of relevant circumstances concerning this service or its registration. Weleda passes this data on to the third-party provider APSIS for newsletter mailing management and implementation. Weleda has concluded an agreement on the commissioned order processing procedure with APSIS, its email marketing service provider. This ensures that said service provider complies with the strict specifications of German data protection law in every aspect when managing and implementing the newsletter mailing. This also ensures that your data is only stored in the EU with a high degree of protection. Your data is not stored on servers outside of the EU.
A valid email address is required to receive the newsletter. The IP address you use to register for the newsletter and the date you order the newsletter are also stored. This data shall serve as evidence for Weleda in case of misuse, in case an unknown email address is registered for the newsletter. In order to also ensure that an email address has not been improperly entered into the Weleda mailing list by a third party, Weleda follows the ‘double opt-in’ procedure. In this procedure, once you have registered, a confirmation email is sent to the email address you provided. Only when you have confirmed your registration by clicking a link in the email will you then receive the desired email newsletter. As part of this procedure, the ordering of the newsletter, the delivery of the confirmation email and the receipt of confirmation of registration are recorded.
You may at any time withdraw your consent to the storage of the data, your email address and its use for newsletter delivery with effect for the future. Weleda provides a link you can use for said withdrawal in every newsletter. You can also communicate your request for withdrawal in writing to the contact options listed in the imprint.
11. Product reviews
You can review cosmetics products on this web page. The review is left under your full first name and the first letter of your surname. Accordingly, you must use your first name and surname and your email address to set up a user account and/or log in. The pseudonym in the form of your complete first name and the first letter of your surname is inserted as the author of a review and the associated identifying details are only known to the administrator.
12. Weleda product testers
If you have been selected as a Weleda product tester, we store your postal address as well as your first and last names. We only use your postal address to send you the product to be tested and, where necessary, the jackpot.
13. Competitions on Facebook
Personal data is stored for the duration of the competition in order to dispatch any prizes. Once the competition is over, the data is erased. In some individual cases, the data is passed on to external service providers. The participant may withdraw their consent to storage at any time by contacting [email protected] and thereby retire their participation.
The participant also agrees that, for relevant competitions, the photo or product review they upload with their full first name and the first letter of their surname may be published in conjunction with the competition and with any prize awarded, following our approval, on the Weleda web page or Weleda’s Facebook or Instagram presence. The participant themselves is responsible for the lawfulness of the photos uploaded, particularly with regard to image rights. Weleda reserves the right not to approve photos or text with content that is obviously illegal (these photos are not displayed in public and are excluded from the competition).
14. Integration of third-party content and services
Our website uses content and services from other providers. These include, for example, maps and videos provided by Google Maps and YouTube. The IP address must be transmitted in order to ensure that this data can be accessed and displayed in the user’s browser. The providers (hereinafter referred to as ‘third-party providers’) therefore use the user’s IP address.
Although we endeavour only to use third-party providers which only require the IP address to provide content, we have no influence on whether the IP address may be stored. This process may take place for statistical purposes, among others. If we become aware that the IP address is stored, we shall inform you.
Use of Google Analytics
This web page uses Google Analytics, a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
Google Analytics also uses cookies, i.e. text files which are stored on your computer and enable analysis of your use of the web page. The information extracted by the cookie regarding your use of this web page is usually transferred to a Google server in the USA and stored there.
IP anonymisation is activated on our web page, meaning that your IP address is shortened in advance by Google within the member states of the European Union or other contracting states of the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and shortened there in exceptional cases. In these exceptional cases, in accordance with Article 6 section 1 GDPR, this processing is based on our legitimate interest in statistical analysis of user behaviour for optimisation and marketing purposes.
Google will use this information on our account to evaluate your use of the web page, compile reports on web page activities and provide additional services associated with web page use and Internet use to us as the web page operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
You can prevent the storage of cookies using the relevant setting in your browser software; however, please note that in this case, you may not be able to use all functions of this web page to their full extent.
You can also prevent the collection of the data extracted by the cookie concerning your use of the web page (including your IP address) at Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: Google browser plugin .
Google LLC, with its headquarters in the USA, is certified for the US-European ‘Privacy Shield’ data protection framework, which guarantees compliance with the level of data protection applicable in the EU.
For more information on how user data is used in Google Analytics, please see Google Analytics Data
You can find Google’s Privacy Policy at: Google Privacy Policy
Use of DoubleClick
This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘DoubleClick’).
DoubleClick uses cookies to place relevant ads for the user, improve reports on campaign performance, or prevent a user from seeing the same ads over and over again. Google uses a cookie ID to record which ads are placed in which browser and can therefore prevent these from being displayed repeatedly. Processing is based on our legitimate interest in optimum marketing of our website in line with Article 6 section 1f GDPR.
DoubleClick can also use cookie IDs to record what are known as conversions, which are linked to ad requests. This is what occurs when a user sees a DoubleClick ad and later uses the same browser to access the advertiser's website and purchase something from it. According to Google, DoubleClick cookies do not contain any personal information.
Due to the marketing tool being used, your browser automatically forms a direct connection to the Google server. We have no influence on the scope and further use of data which is collected through the use of this tool by Google and therefore inform you of what we know: The integration of DoubleClick tells Google that you have accessed the relevant part of our online presence or have clicked on one of our ads. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google and/or have not logged in, the provider may still find out your IP address and store it.
If you would like to opt out of this tracking procedure, you can deactivate cookies for conversion tracking by adjusting your browser’s settings to block cookies from the domain www.googleadservices.com, https://www.google.de/settings/ads. This setting will be erased if you erase your cookies. Alternatively, you can find out about the use of cookies from the Digital Advertising Alliance at www.aboutads.info and adjust your settings accordingly. Finally, you can adjust your browser settings so that you are informed when cookies are used and can decide whether to accept them individually, whether to accept them in certain cases, or whether to opt out of them in general. If you refuse to accept cookies, the functionality of our website may be limited.
Google LLC, with its headquarters in the USA, is certified for the US-European ‘Privacy Shield’ data protection framework, which guarantees compliance with the level of data protection applicable in the EU.
Please visit the web page below for more information on DoubleClick by Google’s data protection provisions: www.google.de/policies/privacy
Use of Google reCaptcha
On this web page, we also use the reCAPTCHA function provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). This function serves first and foremost to decide whether input is made by a natural person or improperly by means of mechanical and automated processing. The service includes sending Google the IP address and any additional data required by Google for the reCAPTCHA service and, in accordance with Article 6 section 1f GDPR, is based on our legitimate interest in determining individual intention in Internet activity and avoiding misuse and spam.
Google LLC, with its headquarters in the USA, is certified for the US-European ‘Privacy Shield’ data protection framework, which guarantees compliance with the level of data protection applicable in the EU.
For more information on Google reCAPTCHA and Google’s privacy policy, please visit: www.google.com/intl/de/policies/privacy
Use of Google Maps
On this web page, we also use Google Maps (API), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). Google Maps is a web service which displays interactive maps in order to display visual representations of geographical information. This service is used to show you our location and make it easier to get to us.
When you access the subpages featuring integrated Google Maps, information on your use of our website (such as your IP address) is sent to Google servers in the USA and stored there. This occurs irrespective of whether you are logged into a user account provided by Google or you do not have a user account. If you are logged into Google, your data is directly assigned to your account. If you do not wish it to be assigned to your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates these. Any such evaluation occurs, in accordance with Article 6 section 1f GDPR, based on Google’s legitimate interest in placing personalized advertising, market research and/or needs-based design of its website. You have the right to object to the creation of these usage profiles. To exercise this right, you must approach Google.
Google LLC, with its headquarters in the USA, is certified for the US-European ‘Privacy Shield’ data protection framework, which guarantees compliance with the level of data protection applicable in the EU.
If you do not agree to your data being transmitted to Google in future in conjunction with the use of Google Maps, you can also fully deactivate the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and the map display on this website can then no longer be used.
You can view Google’s terms of use at www.google.de/intl/en/policies/terms/regional. Additional terms of use for Google Maps can be found at www.google.com/intl/en_US/help/terms_maps.html
Detailed information on data protection in conjunction with the use of Google Maps can be found on Google’s website (‘Google Privacy Policy’): www.google.de/intl/en/policies/privacy
Use of retargeting tools
On our website, https://www.weleda.de/, we use what is known as retargeting technology. We use retargeting to categorise web page users into user groups. Depending on the user group, we then address web page visitors on other web pages or in apps with personalised advertising regarding to our products and services.
To do so, we use the following products, which are supplied to us by service providers:
‘Facebook Custom Audience’/’Facebook Pixel’/’Google AdWords User Lists’/’Google Dynamic Remarketing’
‘Facebook Customer Audience’ and ’Facebook Pixel’
‘Facebook Custom Audience’ and ‘Facebook Pixel’ are products of Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (‘Facebook’). Our web page uses a ‘Facebook Pixel’ from Facebook which creates a direct connection to the Facebook servers. The fact that you have visited our web page is therefore transmitted to the Facebook server. Facebook assigns this information to your personal Facebook user account, if you have such an account and are logged into it. If you visit other web pages which use ‘Facebook Custom Audience’/’Facebook Pixel’, this information is also linked to your user account. However, we cannot see which other web pages you visit. If you are not a Facebook user or you are not logged in to Facebook when you visit our web page, your visit to our web page is not assigned to a Facebook user account.
For more information on the protection of your privacy at Facebook, please see Facebook’s privacy information at www.facebook.com/about/privacy. In particular, you can manage the content and information you have shared through your use of Facebook via the ‘Activity log’ tool or download it from Facebook via the ‘Download your data’ tool.
‘Google AdWords User Lists’ and ’Google Dynamic Remarketing’
‘Google AdWords User Lists’ and ‘Google Dynamic Remarketing’ are products of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). Our web page uses a pixel provided by Google that creates a direct connection to the Google servers. The fact that you have visited our web page is therefore transmitted to the Google server. Google links this information to a single ID that is stored on your end device in the form of a cookie or is provided by your end device (‘advertising ID’ on smartphones). If you visit other web pages which also use ‘Google AdWords User Lists’/’Google Dynamic Remarketing’, these are also linked to your single ID. However, we cannot see which other web pages you visit.
Opt-out
You can opt out of the use of retargeting tools on our web page at any time for one or more tools.
Please use the cookie preferences to do so.
For each tool, we store an opt-out cookie on your end device which is valid for an unlimited period of time. If you use our web page with various end devices, you must opt out of the use of retargeting tools for each end device, as we cannot assign multiple end devices to individual visitors. By opting out, you stop the integration of the pixels described and no exchange of data with Facebook or Google takes place.
You can also deactivate personalised advertising directly with the advertising networks. For more information, please visit the web pages of Google and Facebook directly.
Use of Mouseflow
We use Mouseflow in order to better understand our users’ needs and to optimize this service and experience. Mouseflow is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Mouseflow uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Mouseflow stores this information in a pseudonymized user profile. Neither Mouseflow nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Mouseflow’s privacy policy by clicking on this link. https://mouseflow.com/privacy/
You can opt-out to the creation of a user profile, Mouseflow’s storing of data about your usage of our site and Mouseflow’s use of tracking cookies on other websites by following this opt-out link. https://mouseflow.com/opt-out/
15. Data security
Unfortunately, the transfer of information via the Internet is never 100% secure, so we are unable to guarantee the security of data transmitted to our website via the Internet.
However, we use technical and organisational measures to protect our website from the loss, destruction, access, modification or distribution of your data by unauthorised persons.
In particular, your personal data is transferred by us in encrypted form. We use the coding system SSL/TLS (Secure Sockets Layer/Transport Layer Security) for this purpose. Our security measures are constantly being improved in line with advances in technology.
16. Subjects’ rights
If you are considered a data subject as defined by Article 4 section 1 GDPR, you have the following rights regarding the processing of your personal data according to the GDPR. The legal text for the rights listed below can be found at:
http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf
Right to confirmation and access
According to the conditions of Article 15 GDPR, you have the right to request confirmation of whether your personal data is being processed, to be given access to the personal data stored concerning you by the controller at any time and free of charge, and to receive a copy thereof.
Right to rectification
According to the conditions of Article 16 GDPR, you have the right to request rectification without undue delay of inaccurate personal data concerning you. Taking into account the purposes of processing, you also have the right to have incomplete personal data completed — including by means of providing a supplementary statement.
Right to erasure
Subject to the conditions of Article 17 GDPR, you have the right to request that personal data concerning you be erased without undue delay, providing one of the grounds stated in Article 17 GDPR applies and processing is not necessary.
Right to restriction of processing
According to the conditions of Article 18 GDPR, you have the right to request the restriction of processing if one of the conditions stated in Article 18 GDPR applies.
Right to data portability
According to the conditions of Article 20 GDPR, you have the right to receive personal data concerning you, and that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit said data to another controller without hindrance from us, providing the additional conditions in Article 20 GDPR apply.
Right to withdraw consent
You have the right to withdraw consent issued to us to processing personal data at any time with effect for the future. Please address your withdrawal to the contact details above.
Right to object
According to the conditions of Article 21 GDPR, you have the right to object to the processing of personal data concerning you at any time. If the conditions for an effective objection are fulfilled, we are no longer permitted to process the data.
Right to lodge a complaint with a supervisory authority
Irrespective of any other remedy in terms of administrative or court proceedings, you have the right to lodge a complaint with a supervisory authority, particularly in the member state in which you reside, in which you work or in which the suspected violation took place, if you believe that the processing of personal data concerning you violates the specifications of the GDPR.
17. Passing on your personal data
Your personal data is passed on as follows.
The website is hosted by an external service provider in Germany. This is required for the operation of the website and for the justification, performance and implementation of the existing usage agreement and may also occur without your consent.
Data is then also passed on if we are entitled or obliged to pass on data as a result of legal provisions and/or by order of authorities or courts. This may include, in particular, disclosure for the purposes of criminal prosecution, emergency response or to implement intellectual property rights.
If your data is passed on to the service provider to the necessary extent, they shall only have access to your personal data to the extent required to fulfil their duties. These service providers are obliged to handle your personal data in line with the applicable data protection laws, particularly the GDPR.
Apart from in the circumstances mentioned above, we shall not transmit your data to third parties without your consent. In particular, we shall not pass on any personal data to an entity in a third country or an international organisation.
18. Storage period for personal data
With regard to the storage period, we erase personal data as soon as its storage is no longer required to fulfil the original purpose and all statutory retention periods have ceased to apply. The statutory retention periods are the ultimate criterion for the definitive duration of storage of personal data. Once the period has expired, the relevant data is erased on a routine basis. If retention periods apply, processing is restricted by blocking the data.
19. Note on provision of personal data by the data subject
We would like to take this opportunity to inform you that the provision of personal data is legally required under certain circumstances (e.g. payment details to pay for billable services) or may arise from contractual arrangements. In order to take full advantage of the services offered on the website, you must conclude a relevant usage agreement with us (general terms of use) through registration. In order for this agreement to be performed, you must provide us with certain personal data (e.g. username, email address) which we process as part of the performance of this agreement. If you do not communicate (provide) this personal data to us, this would make it impossible to conclude the agreement with you or, if only some is provided, our services could not be provided in full.
20. Referrals and links
When accessing web pages referred to by our website, you may be asked to re-enter details such as your name, address, email address, browser properties etc. This data protection policy does not govern the collection, disclosure or handling of personal data by third parties.
Third-party providers may have their own different provisions with regard to collecting, processing and using personal data. When visiting third-party web pages, we therefore advise that you find out about their practice for handling personal data before entering personal data.
21. Changes to the data protection policy
We are constantly developing our website in order to be able to provide you with an improving service. We will keep this data protection policy up to date at all times and adapt it if and when necessary.
We shall of course inform you in good time of any changes to this data protection policy. We may do this, for example, by sending an email to the email address you provided. Should you be required to give additional consent to our handling of your data, we shall of course obtain this from you before any such changes take effect.
You can access the latest version of our data protection provisions online at any time at www.weleda.xy/privacy-policy.
22. Data protection officer
If you have any queries concerning data protection law, please contact our data protection officer.
Herold Unternehmensberatung GmbH
Mr Philipp Herold
Hafenstraße 1a
23568 Lübeck
Email: [email protected]
Web: www.mein-datenschutzbeauftragter.de
Date: 18.04.2018
Cookie Declaration
Use of cookies
On our website, information is collected and stored using what are known as browser cookies.
What are cookies?
Cookies are small text files which are stored on your data carrier and store certain settings and data for interacting with our system via your browser. A cookie usually contains the name of the domain that the cookie data was sent from, information on the age of the cookie and an alphanumeric identification code.
Why do we use cookies?
Cookies allow our systems to recognise the user’s device and make any predefined settings available immediately. Once a user accesses the platform, a cookie is transmitted to said user’s computer hard disk. Cookies help us to improve our website and provide you with a better service more tailored to you. They allow us to recognise your computer and/or (mobile) end device if you return to our website, thus enabling us to:
- Store information on your preferred activities on the website and thus align our website to your individual interests.
- Speed up processing of your queries.
We work together with third-party services that help us make the online service and website more appealing to you. Accordingly, when you visit the website, cookies from these partner companies (third-party providers) are also stored on your hard disk. These cookies are automatically erased after a fixed period.
Can I decide whether cookies are used?
If you do not wish browser cookies to be used, you can adjust the settings for the cookies used on this end device as you wish at any time, by clicking on the cookie settings. Alternatively, you can adjust your browser's settings to prevent it from accepting the storage of cookies. Please note that in that case, you may only be able to use our website to a limited extent, or not at all. If you only wish to accept our own cookies, not those of our service providers and partners, you can select the setting ‘block cookies from third-party providers’ in your browser. We accept no responsibility for the use of third-party cookies.
Cookie Settings
Functional Cookies
These cookies are used to enhance and simplify your user experience. For example, they may remember information about previous choices you have made, remember your password, or allow video or social media content to be properly viewed on the website. Some of them may be required for system administration, to prevent fraudulent activity, to keep you logged in from one page to another, or for a shopping cart function. These cookies cannot be switched off as our website cannot function properly without them.
Cookie Name | Description | Default expiration time |
CUSTOMER_UUID | Konakart: The customer UUID is a key to customer information stored in the database. Customer name, guest customer ID, customer preferences and customer locale are stored. | End of browser session |
JSESSIONID | Tomcat: Session cookie. Used to identify browser information for the session. | End of browser session |
_visitor | Hippo: The only information stored in this cookie is the visitor ID, a UUID that does not contain any information in itself apart from an identifier to distinguish the visitor from other visitors. See www.onehippo.org | 2 years |
_weleda_accepted_cookie | Weleda: This stores a Boolean (true/false) when user accepts the cookie policy. | 30 days from set/update |
nlSubscriptions | Weleda.
Records the internal Newsletter Mailing List IDs for which the user subscribed or declined through the Website, as well as the Date of the event. The cookie is used to track the closing or filling of newsletter subscriptions forms on the Website, in order to provide a better user experience. |
30 days from last set/update |
newsletterbar | Weleda.
Contains the value « collapsed » when the user collapses the newsletter-bar module on the website. Is used to keep showing the module collapsed during the Session. |
30 days from last set/update |
weledaCookieOptInState | Weleda: Records if you have accepted the use of cookies on the website. It does not contain any user information. It collects information in an anonymous form by using a unique identifier. This cookie remains on your computer after the session has closed. | This cookie remains on your computer after the session has ended until you delete your cookies. |
cookieNoticeRead | Weleda: Records whether you have been shown the Cookie policy banner at your arrival on to the site, so as not to show it to you again. It collects information in an anonymous form using a unique identifier. This cookie remains on your computer after the session has closed. | 5 days from set/update |
Performance, Analytics and Targeting Cookies
These cookies allow us to collect information about your use of our site, and are used to help us understand how you interact with our site so we can provide you with an improved user experience e.g. to assess the performance of our website, or to test different design ideas for the website. We may work with third parties to perform these services for us, so these cookies may be set by a third party.
Cookie Name | Description | Default expiration time |
---|---|---|
__utma | Google analytics: Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics. See developers.google.com | 2 years from set/update |
__utmb | Google analytics: Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. | 30 mins from set/update |
__utmc | Google analytics: Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit. | End of browser session |
__utmz | Google analytics: Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. | 6 months from set/update |
__utmx | Google analytics: Google Analytics - Used to determine a user's inclusion in an experiment. | Valid for 18 months. |
__utmxx | Google analytics: Google Analytics - Used to determine the expiry of experiments a user has been included in. | Valid for 18 months. |
_ga | Google analytics: Used to distinguish users. Used in file analytics.js | 2 years |
_gat_UA-57093936-10 | Google analytics: Used to throttle request rate. Used in file analytics.js | 10 minutes |
_gaexp | Google Optimize: Google Optimize - Used to determine a user's inclusion in an experiment and the expiry of experiments a user has been included in | Expires after 90 days. |
_olapicU | Olapic Inc.: These cookies work with Olapic, a social images sharing tool, owned by Olapic Inc, These cookies track user actions to allow us to interact with users of social media platforms. More Information can be found at www.olapic.com/privacy-policy | Expires after 4 weeks. |
_atuvc | AddThis: The _atuvc cookie is created and read by the AddThis social sharing site JavaScript on the client side in order to make sure the user sees the updated count if they share a page and return to it before our share count cache is updated. No data from that cookie is sent back to AddThis and removing it when disabling cookies would cause unexpected behavior for users. | Expires after 2 years. |
JSESSIONID | Weleda: The cookie allows us to identify you as a visitor to the Website, stores your session ID and is removed when you close your browser | Expires after Session has ended. |
_dc_gtm_UA-(ID) | Weleda: This cookie allow us to track events and analytics on the website | Expires after Session has ended. |