Bonano GmbH develops natural cosmetics products. In the following, we would like to provide you with information on the processing of personal data which is carried out within the context of the online services we provide. It is of great importance to us that we deal with personal information in a careful way. In the processing of your personal data, we of course comply with the statutory regulations and we take the protection of your data very seriously. You may print out this document or save it by making use of the usual functionality of your browser (usually File/Save to).
1. Point of contact
Point of contact and the organisation responsible for the processing of your personal data when you visit this website in accordance with the General Data Protection Regulation (GDPR) is:
Tel.: 06251 – 8626 0
Fax.: 06257 – 9322 8658
Please feel free to contact us at any time if you have any questions on the theme of data protection in connection with our products or the use of our website. You can reach us via the contact details given above or via our contact form.
2. Processing of personal data
When you make use of our online provision, or interact with our website (e.g. by filling out and submitting our contact form), processing of your personal data takes place.
2.1 Personal data
Personal data is information which relates to an identified or identifiable person. This includes in particular details which permit conclusions to be drawn about your identity, for example, your name, your telephone number, your address or your e-mail address. Statistical data which we collect when a visit is made to our website, for example, and which cannot be connected to your person, does not fall into the category of personal data.
2.2 Use for information purposes
If you make use of our online provision purely to get information, we do not collect any personal data, with the exception of the data which your browser transfers in order to make it possible for you to visit the website. This includes, for example:
Request (file name of the requested file)
Browser type / version (e.g. Internet Explorer 6.0)
Browser language (e.g. German)
Operating system being used (e.g. Windows XP)
Java script activation
Java On / Off
Cookies On / Off
Referrer URL (the previous site visited)
IP address – is then immediately deleted afterwards
Time of the access
Town and country
If required, form content (for free text fields, e.g. name and password, only "filled in" or "not filled in" is transmitted)
he IP addresses of the users are deleted or anonymised after the end of the session. Anonymisation means that the IP addresses are modified to such an extent that the individual entries concerning personal or factual issues can no longer (or only involving a disproportionate amount of time, costs and labour) be assigned to a particular natural person or a natural person whose identity could be determined. The data in the so-called log files is evaluated by us in an anonymised form so that we can make further improvements to the Bonano online provision and make it more user-friendly, and to enable us to find and resolve errors more quickly. It is also used for the management of server capacity to enable us to make available the correspnding volume of data if required.
2.3 Contact form and making contact via e-mail
As well as the use of our online provision for the sole purpose of getting information, there are also various options for interacting with us and we offer services which you can make use of if you are interested in doing so. These include our contact form and the option of contacting us via e-mail. To make use of these functions, you will need to supply further personal details which we will use and store in order to perform the service required. If you supply personal data to us via our contact form or via e-mail, we will use this data only to answer your query or to process your complaint and we will do this in compliance with the statutory regulations on data protection. In the case that you establish contact via the contact form, we store your first name and surname, your e-mail address and your preferred title in order that we can answer your query comprehensively and in a proper way. In the case that it is possible for you to provide additional details on a voluntary basis, these fields are marked accordingly and serve to allow us to answer your query in a better way. The legal basis for queries relating to products is Art. 6 para. 1 point b of the GDPR. The legal basis for queries not related to products is Art. 6 sentence 1 point f of the GDPR.
We undertake only to use the data for the underlying purpose and in accordance with the statutory provisions on data protection.
2.4. Surveys, competitions and prize draws
If you take part in one of our surveys, we use your data for market research and opinion research. As a matter of principle, we evaluate the data in an anonymised form for our internal purposes. In the case that surveys are in exceptional cases not evaluated anonymously, the data is exclusively collected with your consent. The GDPR is not applicable to anonymous surveys and, for the exceptional case of person-related evaluations, the legal basis is the above-mentioned consent, in accordance with Art. 6 para. 1 sentence 1 point a of the GDPR.
Within the context of prize draws and competitions, we use your data for the purpose of carrying out the promotion in question and to inform the winners. You can find detailed information on this if required in the conditions of participation for the respective promotion. The legal basis for the processing of the data is the prize draw/competition contract in accordance with Art. 6 para.1 sentence 1 point b of the GDPR.
3. Passing on personal data
We will in principle only pass on data which we have collected if:
- you have expressly given your consent to this in accordance with Art. 6 para. 1 sentence 1 point a of the GDPR,
- the passing on of data is required in accordance with Art. 6 para. 1 sentence 1 point f of the GDPR for the assertion, exercise or defence of legal claims and there is no reason to suppose that you have an outweighing interest worthy of protecting in your data not being passed on,
- we are legally bound to pass on data in accordance with Art. 6 para. 1 sentence 1 point c of the GDPR or
- this is legally permissible and necessary in accordance with Art. 6 para. 1 sentence 1 point b of the GDPR for the handling of contractual relations with yourself or for the carrying out of precontractual measures which are carried out at your request.
A part of the data processing may be carried out by our service providers. As well as the service providers mentioned in this Privacy Statement, this may also include in particular computer centres which store our website and databases, IT service providers who maintain our system, and consultancy firms. In the case that we pass on data to our service providers, this data may only be used for the fulfilment of their assigned tasks. Our service providers have been carefully selected and appointed by us. They are contractually obliged to comply with our instructions, have in place the appropriate technical and organisational measures to protect the rights of the persons in question, and are regularly monitored by us.
The passing on of personal data to Alnatura Produktions- und Handels GmbH, Darmstädter Strasse 63, 64404 Bickenbach may take place for the processing of contracts or in order to answer customer enquiries.
Furthermore, data may be passed on in connection with enquiries from the authorities, court rulings and legal proceedings, if this is necessary for the assertion of rights or enforcement of the Law.
4. Storage and deletion of your data
As a matter of principle, we only store personal data for as long as this is necessary for the fulfilment of the contractual or legal duties for which we have collected the data. After this, we delete the data without delay, unless we need to keep the data until the expiry of the statute of limitation for the purpose of providing proof for claims under civil law or on account of a legal obligation to retain data.
We are legally obliged to retain contractual details, for the purpose of providing evidence, for a further three years from the end of the year in which the business relationship with you comes to an end. Any claims become time-barred in accordance with statutory limitation periods at this point in time at the earliest.
Even after this period, we are bound to retain some of your data for reasons of bookkeeping. We are bound to do this on account of the statutory obligation to provide documentation which may arise in particular through the German Commercial Code (HGB) and the German Fiscal Code (AO). The terms prescribed here for the retention of documentation are up to ten years.
Cookies are small data files which are stored on your data carrier and save certain settings and data which they share with our system via your browser. Cookies cannot run any programmes or transmit any viruses to your computer. They serve to make the internet provision more user-friendly and more effective overall.
In general we distinguish between two kinds of cookies, so-called session cookies that are deleted as soon as you close your browser (= end of the session) and temporary/permanent cookies which are stored on your data carrier for a longer period or for an unlimited period of time. This storage helps us to optimise the way we set up our website and makes it easier for you to use by, for example, storing certain entries that you have made in such a way that you do not have to constantly repeat them.
Most of the cookies which we use are session cookies and are automatically deleted from your hard drive at the end of the browser session. In addition to this, we also use permanent cookies which remain on your hard drive. If you visit our website again, they automatically recognise that you have been on the website before and remember the entries you made and your preferred settings. These cookies remain on your hard drive and are deleted automatically after the expiry of a prescribed period of time.
The cookies we use cannot be assigned to a particular person and can therefore not be assigned to you in particular. When the cookies are activated, they are assigned an identification number. Allocation of your personal details to this identification number is not possible at any time and does not take place. Your name or similar data are not stored in such a way as to facilitate assignment of the cookies to your person.
You can delete the cookies in the security settings of your browser at any time and you can configure your browser settings according to your preferences (e.g. the acceptance of third-party cookies or the rejection of all cookies). As a rule, you can find out how you can reject new cookies and delete cookies which you have already received in the menu of your internet browser via the Help function. We would like to point out, however, that this may mean that you are not able to make use of all of the functions of our online provision.
6. Google Maps
This website uses the maps service Google Maps of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We make use of this service in particular for the provision of the function "Store Locator". In order that the Google Maps material used by us can be integrated and displayed in your web browser, your web browser must take up contact with a server of Google when the contact page is called up, and this server may be situated in the USA. In the case that any personal data is transmitted to the USA, Google operates under the framework of the EU-US Privacy Shield . Through this, Google receives the information that the contact page of one of our online services has been called up by the IP address of your device.
7. Your rights
You have the right to request information at any time on the processing of your personal data carried out by us. When issuing this information, we will explain the processing of the data which we do and will make available to you an overview of the data on your person which we are holding. Should any of the data stored by us be incorrect or no longer up to date, you have the right to have this data corrected. You may also request that your data is deleted. Should it in exceptional cases be the case that it is not possible to delete the data on account of other statutory regulations, then the data will be blocked in order that it will solely be available for the legal purpose in question. You may also limit the processing of your data, e.g. if you are of the opinion that the data we are holding is not correct. You also have the right to have the data transferred to you, i.e. at your request, we will send you a digital copy of the personal data which you have supplied to us.
If you wish to act on any of the rights described here, please feel free to get in touch with us at any time using the contact details given above. This is also the case if you would like to be sent copies of guarantees as proof of having an appropriate level of data protection.
You also have the right to object to the processing of your data, on the basis of Art. 6 para. 1 point e or f of the GDPR. Ultimately, you have the right to complain to the Data Protection authorities who are responsible for overseeing us. You can act on this right by contacting a supervisory authority in the member state of the town/city where you live, or where you work, or the place where the alleged violation of rights has occurred. In Hesse, where the head office of Bonano is located, the responsible supervisory authority is the Hesse Data Protection Officer, PO Box 3163, 65021 Wiesbaden.
8. Data security
We use the most up-to-date technical measures to ensure data security, in particular to protect your personal data from any danger during transmission and to prevent it from being accessed by any third parties. These measures are regularly updated to ensure that they are in all cases in line with the latest developments in technology.
9. Changes to our Privacy Statement
We may make updates to this Privacy Statement from time to time – for example, if we make modifications to our website or if there are changes in the statutory requirements in this respect.
Dated: May 2018