Datenschutz | Vital

PRIVACY POLICY

Deutsch

English

Name and contact details of the data controller:

The Yogavee

c/o Impressumservice Dein-Impressum

Stettiner Str. 41

35410 Hungen

Germany

Represented by: Lea Daniels

Email: hi@theyogavee.com

We appreciate your interest in our online shop. Protecting your privacy is very important to us. Below, we provide detailed information about how your data is handled.

1. Access Data and Hosting

You can visit our websites without providing any personal information. Each time a web page is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the retrieval. This access data is evaluated solely for the purpose of ensuring a smooth operation of the site and improving our offering. This serves to protect our legitimate interests in the correct presentation of our offering, which are overriding in the context of a balancing of interests pursuant to Art. 6(1)(f) GDPR. All access data is processed only as long as necessary to fulfill the above purposes.

The services for hosting and displaying the website are partially provided by our service providers as part of processing on our behalf. Unless otherwise specified in this privacy policy, all access data as well as all data collected through forms on this website are processed on their servers. If you have questions about our service providers or the basis of our cooperation with them, please contact us using the contact details provided in this privacy policy.

The adequacy decision for the USA serves as the basis for data transfers to third countries, provided the respective service provider is certified. Certification is in place.

Our service providers are located and/or use servers in the following countries: Brazil, Mexico, India, Ukraine.
There is no adequacy decision by the European Commission for these countries. Our cooperation with these providers is based on the following safeguards: Standard Contractual Clauses of the European Union.

2. Data Processing for Contract Execution and Contacting Us

2.1 Data Processing for Contract Execution

We collect personal data when you voluntarily provide it to us in the context of placing an order or contacting us (e.g., via contact form or email). Required fields are marked as such because we need the data in these cases to process the contract or respond to your inquiry. Without this information, you cannot complete your order or submit your contact request. The specific data collected is visible in the respective input forms.

We use the data you provide for contract execution and for processing your inquiries (including claims related to warranties, performance issues, or statutory update obligations) in accordance with Art. 6(1)(b) GDPR.

Further details regarding the processing of your data, particularly regarding the disclosure to our service providers for order, payment, and shipping purposes, are outlined in subsequent sections of this Privacy Policy.

Once the contract has been fully processed, your data will be restricted for further processing and deleted after the expiration of any applicable tax and commercial retention periods pursuant to Art. 6(1)(c) GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6(1)(a) GDPR, or we reserve the right to use your data beyond this as permitted by law, which we inform you about in this Privacy Policy.

2.2 Contacting Us

In the context of customer communication, we collect personal data in order to process your inquiries in accordance with Art. 6(1)(b) GDPR when you voluntarily provide it to us (e.g., via contact form, live chat tool, or email). Required fields are marked as such, since we need this data to process your inquiry. The specific data collected is visible in the respective input forms.

Once your inquiry has been completely processed, your data will be deleted, unless you have expressly consented to further use of your data in accordance with Art. 6(1)(a) GDPR, or we reserve the right to use your data beyond this as permitted by law, which we inform you about in this Privacy Policy.

2.3 Data Processing for Appointment Booking / Reservation

We collect personal data when you voluntarily provide it to us in the course of booking an appointment or making a reservation. Required fields are marked as such, since this data is essential for booking the appointment/reservation and cannot be submitted without it. The specific data collected is visible in the respective input forms. Any information entered into free-text fields is optional and not required for submission. We kindly request that you refrain from entering sensitive data (e.g., health-related information such as medical conditions) in these fields.

We use the data you provide for booking appointments or reservations pursuant to Art. 6(1)(b) GDPR. After the appointment/reservation has been fulfilled, your data will be restricted from further processing and deleted after the expiration of any applicable tax and commercial retention periods in accordance with Art. 6(1)(c) GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6(1)(a) GDPR, or we reserve the right to use your data beyond this as permitted by law, which we inform you about in this Privacy Policy.

Appointment Booking Solution: Wix Bookings

For the purpose of appointment booking, we use the booking solution provided by Wix.com Ltd., Yunitsman 5 St, Tel Aviv, Israel. The service provider operates on our behalf.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined by decision that they offer an adequate level of data protection: Israel.

3. Data Processing for Shipping Purposes

For the fulfillment of the contract pursuant to Art. 6(1)(b) GDPR, we pass on your data to the shipping service provider commissioned with the delivery, to the extent necessary for delivering the ordered goods.
If you have questions about our service providers and the basis of our cooperation with them, please contact us using the contact details provided in this Privacy Policy.

4. Data Processing for Payment Handling

For payment processing in our online shop, we work with the following partners: technical service providers, financial institutions, and payment service providers.

4.1 Data Processing for Transaction Execution

Depending on the selected payment method, we transmit the data required for processing the payment transaction to our technical service providers (acting on our behalf as data processors), to the commissioned financial institutions, or to the chosen payment service provider, to the extent this is necessary for the execution of the payment. This is done in accordance with Art. 6(1)(b) GDPR.

In some cases, payment service providers collect the necessary data themselves, e.g., on their own websites or via technical integration in the ordering process. In such cases, the privacy policy of the respective payment service provider applies.

If you have any questions about our payment processing partners or the basis of our cooperation with them, please contact us using the contact details provided in this Privacy Policy.

4.2 Data Processing for Fraud Prevention and Optimization of Payment Processes

Where applicable, we may provide our service providers with additional data that they, as processors acting on our behalf, use together with the data necessary for payment processing for the purposes of fraud prevention and optimizing our payment processes (e.g., invoicing, handling disputed payments, supporting accounting). This serves our legitimate interests in protecting against fraud and in efficient payment management, which are overriding in the context of a balancing of interests pursuant to Art. 6(1)(f) GDPR.

5. Email Marketing

Email Newsletter with Subscription

If you subscribe to our newsletter, we will use the data required for this purpose or the data you provided separately to send you our email newsletter regularly based on your consent in accordance with Art. 6(1)(a) GDPR. You may unsubscribe from the newsletter at any time by contacting us using the contact details provided below or via the unsubscribe link included in every newsletter.

After you unsubscribe, your email address will be removed from the mailing list unless you have expressly consented to further use of your data in accordance with Art. 6(1)(a) GDPR, or we reserve the right to use your data beyond this, as permitted by law and explained in this Privacy Policy.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined by decision that they provide an adequate level of data protection: Israel, United Kingdom, USA.
The adequacy decision for the USA serves as the basis for data transfers to third countries, provided the respective service provider is certified. Certification is in place.

Our service providers are located and/or use servers in the following countries: Brazil, Mexico, India, Ukraine.
For these countries, no adequacy decision by the European Commission exists. Our cooperation with these providers is based on the following safeguards: Standard Contractual Clauses of the European Union.

6. Cookies and Other Technologies

6.1 General Information

To make your visit to our website attractive and enable the use of certain features, we use various technologies on several pages, including so-called cookies. Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the browser session ends—i.e., after you close your browser (session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies).

Protection of Privacy on End Devices
When using our online services, we deploy technologies that are strictly necessary to provide the explicitly requested telemedia service. The storage of or access to information already stored on your device does not require consent in such cases.

For functionalities that are not strictly necessary, storing or accessing such information on your device does require your consent. Please note that refusal to provide consent may result in parts of the website being limited in functionality. Any consents you provide remain in effect until you modify or reset your device settings.

Subsequent Data Processing by Cookies and Other Technologies
We use technologies that are essential for certain features on our website (e.g., shopping cart functionality). These technologies collect and process your IP address, time of visit, device and browser information, and details about your use of our website (e.g., cart contents). This data processing is based on our legitimate interests in an optimized presentation of our services according to Art. 6(1)(f) GDPR.

Additionally, we use technologies to comply with legal obligations (e.g., for consent logging) as well as for web analytics and online marketing purposes. Further details, including the legal basis for such processing, are provided in the relevant sections of this Privacy Policy.

Cookie Settings
You can find your browser’s cookie settings at the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

Where you have provided consent to the use of technologies as per Art. 6(1)(a) GDPR, you may withdraw this consent at any time by contacting us through the details provided in this Privacy Policy. Alternatively, you can use the cookie settings button provided.

6.2 Use of Wix Consent Manager Tool

We use the Wix Consent Manager Tool on our website to inform you about the cookies and other technologies we use and to obtain, manage, and document your consent, where required, for the processing of your personal data through such technologies. This is necessary in accordance with Art. 6(1)(c) GDPR to fulfill our legal obligation under Art. 7(1) GDPR to document your consent.

The Wix Consent Manager Tool is provided by Wix.com Ltd., 40 Nemal St., Tel Aviv 6350671, Israel (“Wix”). Upon providing your cookie consent on our website, the Wix web server stores your IP address, the date and time of your declaration, browser information, language, the referring URL, and your consent preferences. A cookie is also stored that contains your consent information. Your data is deleted after 365 days unless you have expressly consented to further use of your data according to Art. 6(1)(a) GDPR or we reserve a legally permissible extended use of your data as explained in this Privacy Policy.

Our service providers are located and/or use servers in the following countries recognized by the European Commission as offering an adequate level of data protection: Israel, United Kingdom, USA.

The adequacy decision for the USA serves as the legal basis for data transfers, provided the respective provider is certified. Certification is in place.

Our service providers are also located and/or use servers in: Brazil, Mexico, India, Ukraine.
For these countries, no adequacy decision exists. Our cooperation is based on the European Commission’s Standard Contractual Clauses.

6.2 Use of Wix Consent Manager Tool

Our service providers are located and/or use servers in the following countries recognized by the European Commission as offering an adequate level of data protection: Israel, United Kingdom, USA.

The adequacy decision for the USA serves as the legal basis for data transfers, provided the respective provider is certified. Certification is in place.

6.3 Information on Third Country Transfers

We use technologies from providers whose headquarters and/or server locations may be in countries outside the EU/EEA (“third countries”). If no adequacy decision exists for such a country, we must ensure an adequate level of data protection through other appropriate safeguards.

Suitable safeguards may include EU Standard Contractual Clauses or Binding Corporate Rules. However, according to the European Court of Justice (ECJ), additional protective measures may be required to ensure adequate protection.

We generally enter into EU Standard Contractual Clauses with technology providers that process personal data in third countries. Where possible, we also implement additional safeguards to ensure that an adequate level of data protection is maintained even in countries without an adequacy decision.

Nonetheless, despite all contractual and technical measures, data protection standards in third countries may not fully match EU standards. In such cases, we request your explicit consent under Art. 49(1)(a) GDPR during the cookie consent process for data transfers to such countries.

Risks may include:

Local authorities in the third country may not be adequately restricted in accessing your personal data from a European data protection perspective.
Neither you nor we may be aware of such access.
You may not have sufficient legal remedies to prevent or contest such access.

Examples of such third countries include (non-exhaustive):

China
Russia
Taiwan

You can find information about the third countries we transfer data to in the individual data protection notices for each tool or consent management platform (CMP) used.

7. Use of Cookies and Other Technologies

We use the following cookies and other technologies from third-party providers on our website. Unless otherwise specified for the individual technologies, this is based on your consent in accordance with Art. 6(1)(a) GDPR. Once the purpose ceases to apply and the respective technology is no longer used by us, the data collected in connection with it will be deleted. You can withdraw your consent at any time with effect for the future. More information on your withdrawal options can be found in the section “Cookies and Other Technologies.”

Further information, including the legal basis of our cooperation with individual providers, can be found in the descriptions of the respective technologies. If you have questions about these providers or the basis of our cooperation with them, please contact us using the details provided in this Privacy Policy.

8. Social Media

8.1 Social Buttons from Facebook (by Meta), Instagram (by Meta)

Our website uses social buttons from social networks. These buttons are only integrated into the page as HTML links, so no connection to the servers of the respective provider is established when you access our website.

When you click on one of the buttons, the respective social network’s website will open in a new browser window. There, you can—for example—click a Like or Share button.

8.2 Our Online Presence on Facebook (by Meta), Instagram (by Meta), YouTube

If you have given your consent pursuant to Art. 6(1)(a) GDPR to the respective social media platform operator, your data will be automatically collected and stored for purposes of market research and advertising when visiting our online presences on the aforementioned social media platforms. From this data, user profiles are created using pseudonyms. These profiles may be used, for example, to display advertisements both within and outside the platforms that presumably match your interests. Cookies are usually used for this purpose.

For detailed information about how the respective social media provider processes and uses your data, including contact information and your rights and privacy setting options, please refer to the privacy policies linked below for each provider. If you need assistance with this, you are welcome to contact us.

Facebook (by Meta)

Facebook (by Meta) is a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). Information automatically collected by Meta Platforms Ireland about your use of our Facebook online presence is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there.

Data processing during visits to a Facebook (by Meta) fan page is based on a joint controller agreement pursuant to Art. 26 GDPR. Further information (regarding Insights data) can be found here.

Our service providers are located and/or use servers in the following countries, for which the European Commission has determined an adequate level of data protection: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA serves as the basis for data transfers to the USA, provided the respective service provider is certified. Certification is in place.

Our service providers are also located and/or use servers in the following countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.

No adequacy decision has been made for these countries. Our cooperation with these providers is based on the EU Commission’s Standard Contractual Clauses.

Instagram (by Meta)

Instagram (by Meta) is also a service of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland ("Meta Platforms Ireland"). Information automatically collected by Meta Platforms Ireland about your use of our Instagram online presence is typically transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA, and stored there.

Data processing for visits to an Instagram (by Meta) fan page is based on a joint controller agreement pursuant to Art. 26 GDPR. Further information (regarding Insights data) can be found here.

Our service providers are located and/or use servers in the following countries with an EU adequacy decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

For transfers to countries without an EU adequacy decision (e.g., Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico), we rely on the EU Commission’s Standard Contractual Clauses.

YouTube

YouTube is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information Google automatically collects about your use of our online presence on YouTube is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and stored there.

Our service providers are located and/or use servers in countries outside the EU and EEA for which the European Commission has issued an adequacy decision.

In other cases, where no adequacy decision exists, our cooperation with these service providers is also based on the EU Commission’s Standard Contractual Clauses.

9. Contact Options and Your Rights

9.1 Your Rights

As a data subject, you have the following rights:

Pursuant to Art. 15 GDPR, the right to obtain access to your personal data processed by us to the extent specified therein;
Pursuant to Art. 16 GDPR, the right to request the immediate rectification of inaccurate or incomplete personal data stored by us;
Pursuant to Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing is necessary
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation;
- for reasons of public interest; or
- for the establishment, exercise, or defense of legal claims;
Pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, where
- the accuracy of the data is contested by you;
- the processing is unlawful but you oppose the erasure of the data;
- we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or
- you have objected to the processing pursuant to Art. 21 GDPR;
Pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller;
Pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority at your habitual residence or workplace or at the location of our company headquarters.

Right to Object

Where we process personal data as explained above to safeguard our legitimate interests within the framework of a balancing of interests, you may object to this processing with effect for the future.

If the processing is carried out for direct marketing purposes, you may exercise your right to object at any time as described above. If the processing is carried out for other purposes, you have a right to object only if there are reasons arising from your particular situation.

Once you have exercised your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.

This does not apply to processing for direct marketing purposes. In that case, we will cease processing your personal data for such purposes.

9.2 Contact Options

If you have any questions about the collection, processing, or use of your personal data, or if you wish to request information, rectification, restriction, or deletion of data, or to revoke any consent given or object to a specific use of data, please contact us directly using the contact details provided in our Imprint.