1. Name and Address of the Person Responsible

Better Life GmbH
Managing Director: Christian Riesenberger
Reinhold Frank-Str.1
76131 Karlsruhe
Phone: 0151 253 71299
E-mail: info[at]antiallergy.com

2. Information on Data Processing / Definition of Terms

2.1. In the following, we inform you of the processing of your personal data when using our website and inform you of your rights as a person concerned.

2.2. Only if we subsequently inform you that the provision of personal data is required by law or contract or is necessary for a contract to be concluded and that you as the data subject are obliged to provide the personal data, will these circumstances exist. Automated decision making or profiling pursuant to Article 22(1) and (4) shall only take place if we make explicit reference thereto.

2.3. If you do not provide us with the data in accordance with the cases outlined below, this would mean that you would not be able to use the Service / the corresponding function or you would not be able to contact us.

2.4. For the purpose of this privacy statement, there are:
Cookies: Cookies are small text files that are stored by your browser on your terminal device. Cookies serve to make our offer more user-friendly and more secure.

The cookies are stored on the User’s terminal device, and the cookie data is transmitted to us by this device. As a User, you can control the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. You can delete already saved cookies at any time – even automatically.

If you deactivate cookies, however, you may no longer be able to take full advantage of all the functions on the websites you visit or various tools on the Internet.

2.5. To some extent, we use external service providers (contract processors within the terms of Art. 28 of the GDPR) to process your data whereby we disclose personal data, if necessary. These are carefully selected and commissioned by us, are bound by our instructions and are monitored regularly. Otherwise, your data will only be disclosed to other recipients if we refer to this separately below.

3. Data Processing via Website

3.1. Encoding
In order to ensure that your personal data is processed in such a way that it is protected from unauthorised or unlawful processing and from accidental loss, destruction or damage, we use encryption (SSL or TLS) on our website and all subpages.

3.2. Visiting our website and using our mobile application

3.2.1 Visiting our homepage (www.antiallergy.de)

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. This involves the following data:

  • Name of the retrieved file
  • Date and time of retrieval
  • Transferred amount of data
  • Message as to whether the retrieval was successful
  • IP address
  • Browser type
  • Browser version and its language
  • Operating system and its interface
  • Referrer URL
  • Access status/http status code
  • Type of terminal device

 

The data are stored in the log files of our host’s IT system.

Purpose of processing: the processing of the above-mentioned data is necessary in order to display the website to you and to be able to guarantee the security and stability of our information technology systems and the technology of our website. Processing also takes place to provide law enforcement authorities with the information they need to prosecute in the event of a cyber attack.

Legal basis: we have a legitimate interest in data processing within the terms of Art. 6 (1) lit. f of the GDPR, whereby the legitimate interest arises from the aforementioned purpose.

Storage period: the data will be deleted as soon as the data storage can no longer fulfil the purpose. The time shall be determined for the individual case, whereby the storage shall be terminated at the latest if any civil law claims according to § 199 of the German Civil Code (BGB) are statute-barred or criminal prosecution is also no longer possible due to statute of limitations (§§ 78, 79 of the German Criminal Code – StGB).

3.2.2 Visiting and using our web application (app.antiallergy.de)
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. This involves the following data:

  • Name of the file or resource being retrieved
  • Date and time of retrieval
  • Message as to whether the retrieval was successful
  • IP address
  • Browser type
  • Browser version and its language
  • Operating system and its interface

The data are stored in the log directory of our host’s IT system.

Purpose of processing: the processing of the above-mentioned data is necessary in order to display the website to you and to be able to guarantee the security and stability of our information technology systems and the technology of our website. Processing also takes place to provide law enforcement authorities with the information they need to prosecute in the event of a cyber attack.

Legal basis: we have a legitimate interest in data processing within the terms of Art. 6 (1) lit. f of the GDPR, whereby the legitimate interest arises from the aforementioned purpose.

Storage period: the data will be deleted as soon as the data storage can no longer fulfil the purpose. The time shall be determined for the individual case, whereby the storage shall be terminated at the latest if any civil law claims according to § 199 of the German Civil Code (BGB) are statute-barred or criminal prosecution is also no longer possible due to statute of limitations (§§ 78, 79 of the German Criminal Code – StGB).

3.2.3 Use of mobile applications
The mobile application communicates with our server which collects the following data and information from the device as part of the request:

  • Name of the file or resource being retrieved
  • Date and time of retrieval
  • Message as to whether the retrieval was successful
  • IP address
  • Application type and application ID
  • Operating system and its interface

The data are stored in the log directory of our host’s IT system.
In addition, the following data and information is collected anonymously by Google Analytics:

  • Which screen or function of the application is accessed
  • How often and for how long a screen is viewed
  • Anonymised IP address
  • Access time
  • Access point
  • Type or model of device
  • Application version
  • Operating system
  • Screen resolution
  • Name of the Internet service provider
  • Frequency of use

Information about crashes and exception errors

Purpose of processing: the processing of the above-mentioned data is necessary to be able to show you the application and to guarantee the security and stability of our information technology systems and the technology of our application. Processing also takes place to provide law enforcement authorities with the information they need to prosecute in the event of a cyber attack.

Legal basis: we have a legitimate interest in data processing within the terms of Art. 6 (1) lit. f of the GDPR, whereby the legitimate interest arises from the aforementioned purpose.

Storage period: the data will be deleted as soon as the data storage can no longer fulfil the purpose. The time shall be determined for the individual case, whereby the storage shall be terminated at the latest if any civil law claims according to § 199 of the German Civil Code (BGB) are statute-barred or criminal prosecution is also no longer possible due to statute of limitations (§§ 78, 79 of the German Criminal Code – StGB).

3.3. Contact – General
When you contact us (e.g. by email, fax), we will store the data you have provided us with, such as your name, email address and any other contact data you have provided.

Purpose of processing: the processing of the above-mentioned data is necessary to respond to your contact.

Legal basis: the processing of the data may have different legal bases depending on the request. In any case, however, the processing is required to protect our legitimate interests within the terms of Art. 6 (1) lit. f of the GDPR. The legitimate interest arises from the fact that we want to fulfill the processing purpose.

Storage period: we will delete your personal data at the latest as soon as the storage is no longer necessary. The time shall be determined for the individual case, whereby the storage shall be terminated at the latest if any civil law claims according to § 199 of the German Civil Code (BGB) are statute-barred or criminal prosecution is also no longer possible due to statute of limitations (§§ 78, 79 of the German Criminal Code – StGB).

3.4. Our Own cookies
We use our own cookies at various points on our website. We refer you to the subpoint “Information on Data Processing / Definition of Terms” regarding the function of cookies and how you can generally prevent the setting of a cookie.

We do not use permanent cookies, only session cookies.

Session cookies store the following data:

  • JWT_TOKEN (logon token)
  • XSRF_TOKEN (logon token)

Session cookies are set by our system without consent.

Purpose of processing: session cookies are used so that the system recognizes you as logged in during use and you do not have to log in again.
Legal basis: cookies are set to protect our legitimate interests within the terms of Art. 6 (1) lit. f of the GDPR, whereby the legitimate interest then arises from the fact that we wish to fulfil the processing purpose.

Storage period: session cookies are automatically deleted at the end of your visit. The data transmitted by the cookie will be deleted immediately after your evaluation.

3.5. Google Analytics
We use the web analysis service Google Analytics on our Internet pages and in the mobile applications. The provider is Google Inc. (hereinafter “Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics is a web analytics service used to collect, store and analyse data on the behaviour of website visitors. Google Analytics uses cookies that transmit data to Google for the purpose of analysis when you access our website.

As part of this process, the following data are generally transmitted to and stored on Google servers:

  • Referrer URL
  • Which subpage of the website is accessed
  • How often and for how long an subpage is viewed
  • Anonymised IP address
  • Access time
  • Access point
  • Frequency of visits to our website.

We have activated the addition “_gat._anonymizeIp” for this service. Thereby, Google will shorten and anonymise the IP address of your internet connection if you access our website from a member state of the European Union or from other contracting states to the Agreement on the European Economic Area. In exceptional cases, the full IP address will be transmitted to a Google server in the USA and shortened there.

Purpose of processing: the purpose of the Google Analytics tool is to analyse the flow of visitors to our website. Google uses the data collected to evaluate the use of the website and provides us with online reports showing the activities on our website. The use of Google Analytics allows us to optimise the website and execute a cost-benefit analysis of our Internet advertising.

Legal basis: we only use cookies if you consent. In order to obtain your consent, we have activated a cookie layer on our website. By clicking on the button located there, you consent to the setting of cookies. The use of Google Analytics therefore takes place in accordance to the legal basis of Art. 6 (1) lit. a of the GDPR.

Storage period: Google stores the data obtained by Google Analytics for a maximum of 14 months.

Third country transmission: the data are usually transferred to the Google servers in the USA and stored there.

Transmission to third parties: it is possible that Google will pass on the data obtained in the process to third parties.

Furthermore, you have the option to object to the collection of data generated by Google Analytics relating to the use of this website and to the processing of this data by Google in general and to prevent such collection. To do so, you must download and install a browser add-on from https://tools.google.com/dlpage/gaoptout link. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to Internet pages may be transmitted to Google Analytics. Google considers the installation of the browser add-on a contradiction. If you later delete, format or reinstall the IT system, you will need to reinstall the browser add-on to disable Google Analytics. If you or another person within your control uninstalls or deactivates the browser add-on, it is possible to reinstall or reactivate the browser add-on. We also offer you the opportunity to opt out of the collection of website usage data for this website by clicking on the following link:

disable Google Analytics

Further information and Google’s applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

3.6. Newsletter
We would like to offer you the opportunity to subscribe to our newsletter. We process personal data as part of the registration and shipping procedures. In order to be able to verify your details, you will receive a confirmation email after your registration which we will use to verify whether you are the owner of the email address provided (so-called double opt-in procedure).

Purpose of processing: as part of the registration process, we need your email address to verify that you are the owner of the email address provided. We will then need your email address in order to send you our newsletter.

Legal basis: the legal basis for the processing of personal data based on your consent refers to Art. 6 (1) lit. a of the GDPR.

Storage period: we will delete your personal data at the latest as soon as the storage is no longer necessary. The time shall be determined for the individual case, whereby the storage shall be terminated at the latest if any civil law claims according to § 199 of the German Civil Code (BGB) are statute-barred or criminal prosecution is also no longer possible due to statute of limitations (§§ 78, 79 of the German Criminal Code – StGB).

3.7. Newsletter Tool “MailChimp” / “Mandrill”
To send newsletters, we use the tools “MailChimp” and “Mandrill” (hereinafter called “MailChimp”) from the company Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service for managing email addresses and sending messages. MailChimp is a service primarily used for organising and analysing the sending of newsletters. If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this data is stored on the MailChimp servers in the USA. MailChimp is certified according to the so-called “EU-US Privacy Shield.” The “Privacy Shield” is an agreement between the European Union (EU) and the USA which is intended to ensure compliance with European data protection standards in the USA.

When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to the MailChimp servers in the USA. In this way, we can determine whether a newsletter message was opened and which links were clicked. In addition, technical information (e.g. time of retrieval, IP address, browser type and operating system) is recorded, whereby this information is used exclusively for the statistical analysis of newsletter campaigns.

If you do want an analysis from MailChimp, you will have to unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message. You can also unsubscribe from the newsletter directly via our website.

Purpose of processing: by analyzing newsletter campaigns, we are able to better manage our newsletter campaigns. The results of these analyses can be used to better tailor future newsletters to the interests of recipients.

Legal basis: the legal basis for the processing of personal data based on your consent refers to Art. 6 (1) lit. a of the GDPR.

Storage period: we will delete your personal data at the latest as soon as the storage is no longer necessary. The time shall be determined for the individual case, whereby the storage shall be terminated at the latest if any civil law claims according to § 199 of the German Civil Code (BGB) are statute-barred or criminal prosecution is also no longer possible due to statute of limitations (§§ 78, 79 of the German Criminal Code – StGB).

Further information: The following link will take you to MailChimp’s privacy policy: https://mailchimp.com/legal/terms/

4. Information on the Rights of Data Subjects

Due to the processing of your personal data, you are the person concerned as defined by the GDPR, and you are entitled to the following rights vis-à-vis us, whereby we are hereinafter referred to as the “Responsible Party”:

Right of access, Art. 15 of the GDPR
You have the right to request information from the Responsible Party as to whether he or she is processing personal data concerning you. If the answer is in the affirmative, you have the right to access information about the data specified in Art. 15 of the GDPR.

Right to rectification of personal data, Art. 16 of the GDPR
According to Art. 16 of the GDPR, you have the right to have your personal data corrected or completed if the personal data concerning you is incorrect or incomplete with regard to the Responsible Party.

Right to erasure (“right to be forgotten”), Art. 17 of the GDPR
In accordance with Art. 17 of the GDPR, you have the right to demand that the Responsible Party delete personal data relating to you.

Right to limitation of processing, Art. 18 of the GDPR
As the person concerned, under the conditions of Art. 18 of the GDPR, you have the right to require the Responsible Party to restrict the processing.

Right to information, Art. 19 of the GDPR
With regard to the Responsible Party in accordance with Art. 19 of the GDPR, you have the right to be informed about the recipients to whom the personal data concerning you have been disclosed and to whom the Responsible Party has informed of your assertion of the rights to correct, delete or restrict your data.

Right to data portability, Art. 20 of the GDPR
Under the conditions of Art. 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You have the right, under the conditions of Art. 20 of the GDPR, to transmit this data to another responsible party without being hindered by the Responsible Party to whom the personal data was provided. You have the right to induce that the personal data be transferred directly from one responsible party to another responsible party, as far as this is technically feasible.

Right to object to processing, Art. 21 of the GDPR
According to Art. 21 of the GDPR, you have the right to object at any time to the processing of personal data concerning you which is processed on the basis of Art. 6(1) lit. e or 6(1) lit. f. This also applies to profiling based on these conditions. If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling to the extent that it is connected with such direct advertising.

Right not to be subjected to an automated decision including profiling, Art. 22 of the GDPR
As the person concerned, according to Art. 22 of the GDPR, you have the right not to be subjected to a decision based exclusively on automated processing – including profiling – which has legal effect on you or similarly significantly affects you.

Right to revoke the declaration of consent under data protection law, Art. 7 of the GDPR
According to Art. 7 of the GDPR, you reserve the right to revoke your consent to the processing of personal data concerning you at any time.

Right to lodge a complaint with a data protection supervisory authority, Art. 77 of the GDPR
Without prejudice to other judicial remedies, according to Art. 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data by us violates the GDPR.