Data protection
1. Name and contact details of the person responsible
The responsible party for data processing on this website in accordance with the GDPR is Health Bar GmbH, Max-Beer-Strasse 31, 10119 Berlin, Germany, Email: info@health-bar.com.
2. Collection and storage of personal data as well as the type and purpose of their use
a. When visiting the website
When using our website for informational purposes only, we collect only the data that your browser transmits to the web server. By accessing our website, information is automatically sent to the server of our website by the browser used on your device. This information is temporarily stored in a so-called server log file.
The following information is collected without your intervention and stored until automated deletion:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- Website from which access is made (referrer URL)
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider
Purposes of processing:
- Ensuring a smooth connection establishment of the website
- Ensuring a comfortable use of our website
- Evaluation of system security and stability
- For further administrative purposes
The processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest arises from the purposes mentioned above. In no case do we use the collected data to draw conclusions about your person. However, we reserve the right to review the server log files retrospectively if there are concrete indications of unlawful use.
b. When signing up for our newsletter
If you have expressly consented in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we will use your email address to regularly send you our newsletter. Providing an email address is sufficient for receiving the newsletter. You can unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can also send your unsubscribe request at any time to info@health-bar.com via email.
The delivery of our email newsletter is carried out by the provider Klaviyo, 225 Franklin St. Boston, MA 02110, USA.
Klaviyo processes your data, among other things, in the USA. The company is an active participant in the EU-US Data Privacy Framework, which regulates the secure and lawful transfer of personal data from EU citizens to the USA. For more information, please visit: https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en.
In addition, Klaviyo uses so-called standard contractual clauses according to Art. 46 para. 2, 3 GDPR. These contract templates provided by the EU Commission ensure that your data complies with European standards even when transferred to third countries. The standard contractual clauses are based on a corresponding implementing decision of the EU Commission, which you can view here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=en.
Further information on Klaviyo's data processing terms can be found at: https://www.klaviyo.com/legal/privacy/privacy-notice?tid=331740143506.
c. Collection and processing when using the contact form
When using the contact form, we collect your personal data (name, email address, message text) only to the extent you provide.
The data is processed for the purpose of contacting you.
The data processing is based on Art. 6 para. 1 lit. b GDPR when the contact serves the performance of pre-contractual measures (e.g., consultation in case of purchase interest, preparation of offers) or concerns a contract already concluded between you and us.
If contact is made for other reasons, this data processing is based on Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your inquiry. In this case, you have the right to object to the processing of your personal data for reasons arising from your particular situation. We will only use your email address to process your inquiry. Your data will then be deleted in accordance with legal retention periods, unless you have consented to further processing and use.
d. Creation and use of customer account
When opening a customer account, we collect your personal data to the extent necessary to enable you to manage your orders and provide an optimized shopping experience. The data processing is based on Art. 6 para. 1 lit. a GDPR with your consent.
You can revoke your consent at any time and have your customer account deleted by sending us a message to the address mentioned above. After the deletion of your customer account, your data will be removed, unless there are legal retention obligations or legitimate interests on our part that oppose deletion.
To process your orders, we process your personal data. The processing is based on Art. 6 para. 1 lit. b GDPR and is necessary for the fulfillment of a contract with you. Without this information, we cannot process an order.
To process orders, we pass your data to the commissioned shipping company, dropshipping provider, payment service provider, order processing service provider, and IT service provider. This data transfer always takes place within the framework of legal regulations and is limited to the necessary minimum.
3. Transfer of Data
a. General Principles
The transmission of your personal data to third parties only occurs for the following purposes:
- You have given your explicit consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
- The disclosure is necessary under Art. 6 para. 1 sentence 1 lit. f GDPR for the assertion, exercise, or defense of legal claims and there is no reason to assume that you have a predominant legitimate interest in not disclosing your data.
- There is a legal obligation under Art. 6 para. 1 sentence 1 lit. c GDPR.
- The transfer is necessary for the processing of contractual relationships according to Art. 6 para. 1 sentence 1 lit. b GDPR.
b. Data transfer to third countries
As part of our business relationships, your personal data may be shared or disclosed to third parties. These may also be located outside the European Economic Area (EEA), that is, in third countries.
Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. It is based on Art. 6 para. 1 lit. b or f, in conjunction with Art. 44 et seq. GDPR.
Through so-called adequacy decisions, the European Commission certifies that certain third countries provide a level of data protection comparable to the EEA standard. A list of these countries as well as copies of the adequacy decisions can be found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
In other third countries to which personal data may be transferred, there may not be a consistently high level of data protection. In such cases, we ensure that data protection is sufficiently guaranteed through appropriate safeguards. This can be achieved, for example, through binding corporate rules, standard contractual clauses of the European Commission, certificates, or recognized codes of conduct.
4. Payment Processing
To process payments, we work with external payment service providers. Your payment data will be transmitted to the respective payment service providers depending on the selected payment method. The processing is based on Art. 6 para. 1 sentence 1 lit. b GDPR.
The service providers used are as follows:
- Shopify International Limited: https://www.shopify.com/de/legal/datenschutz
- PayPal (Europe) S.à r.l. and Cie, S.C.A., Limited Partnership by Shares: https://www.paypal.com/de/legalhub/paypal/privacy-full
- Klarna Bank AB (publ): https://www.klarna.com/de/datenschutz/
- Google Ireland Limited: https://policies.google.com/privacy
- Apple Inc.: https://www.apple.com/de/legal/privacy/
Your payment data will be used solely for processing the transaction and not for any other purposes. Detailed information on data processing by the payment service providers can be found in their privacy policies.
5. Cookies
The website informs you on your first visit from one of your devices that so-called cookies may be loaded onto your computer when using the website. We ask for your consent to use cookies via a cookie consent banner.
Cookies and Flash Cookies are alphanumeric identification characters that are transmitted to the hard drive of your computer when you access our website. They allow your browser to be recognized during a later visit to the website and primarily serve to make your online visit more pleasant and personalized. Cookies enable us to recognize you as a specific user and to store your preferences when using the website. This has the main advantage for you that you do not have to re-enter the information contained in the cookies with each visit to the website.
You can completely disable the use of cookies at any time in the settings of your browser program. The help function in the menu bar of the web browser explains how to configure your browser so that new cookies are never accepted. Similar functions like Flash cookies, which are used by browser add-ons, can be disabled or deleted by changing the settings of the browser add-on or through the website of the manufacturer of the browser add-on.
Session cookies also require your prior consent, even if they are deleted after leaving the website. These allow you to use essential functions of our offering, so we recommend that you configure your browser in such a way that cookies are not automatically rejected, but that you can decide on a case-by-case basis. We would like to point out that some areas of the website may not function properly if your browser is set to directly refuse cookies or similar mechanisms, or if you do not consent to the cookie consent.
6. Analysis tools
a. Web tracking with Google Analytics
This website uses Google Analytics, a web analytics service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The use of the tool is intended to analyze user interactions on our website and in apps. With the statistics and reports obtained, we aim to optimize our offerings and make them more attractive for you as a user.
To capture interactions between you and our website, we primarily use cookies, device data, browser information, IP addresses, and information about website or app activities. Google Analytics also captures your IP address to ensure the security of the service and to determine the user's location (country, region, place). However, to protect your privacy, we use the anonymization feature ("IP Masking"), which truncates IP addresses within the EU/EEA by the last octet.
Google acts as a processor in this context, and we have entered into a corresponding contract with Google. The information generated by cookies, as well as the (anonymized) IP addresses, are usually transmitted to servers of Google in the USA and processed there. Google states that it adheres to standards that correspond to those of the former EU-US Privacy Shield and is committed to complying with applicable data protection laws in international data transfers. Additionally, we have agreed on standard contractual clauses with Google to ensure an adequate level of data protection in third countries. The basis for data collection and processing, which occurs for a maximum of 14 months, is your explicit consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can withdraw your consent at any time without affecting the lawfulness of the processing until the point of withdrawal. In mobile apps, you can reset the advertising ID through the settings of your Android or iOS device. The easiest way to withdraw your consent is through our consent manager or by installing the Google browser add-on, which is available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Detailed information about the features and conditions of Google Analytics can be found at https://marketingplatform.google.com/about/analytics/terms/de/ . Information on data processing by Google in connection with the use of Google Analytics is provided by Google here: https://support.google.com/analytics/answer/6004245?hl=de. The general privacy policy of Google, which also applies to Google Analytics, can be found at: https://policies.google.com/privacy?hl=de&gl=de.
b. Shopify Analytics
This website uses Shopify Analytics, a web analytics service provided by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify"). The use of this tool is intended to analyze user interactions on our website and in apps. With the statistics and reports obtained, we aim to optimize our offerings and make them more attractive for you as a user.
To capture interactions between you and our website, we primarily use cookies, device data, browser information, IP addresses, and information about website or app activities. Google Analytics also captures your IP address to ensure the security of the service and to determine the user's location (country, region, place).
Shopify acts as a processor in this context, and we have entered into a corresponding contract with Shopify. The information generated by cookies as well as the IP addresses are usually transmitted to servers of Shopify and processed there. The servers of Shopify are located in several regions, including Europe, Canada, the USA, and Singapore. Shopify uses the Google Cloud Platform to ensure a reliable and scalable infrastructure. New merchants in Europe have their store data, order data, and customer data stored in Europe by default. The basis for data collection and processing, which occurs for a maximum of 14 months, is your explicit consent (Art. 6 para. 1 sentence 1 lit. a GDPR). You can withdraw your consent at any time without affecting the lawfulness of the processing until the point of withdrawal. In mobile apps, you can reset the advertising ID through the settings of your Android or iOS device. The easiest way to withdraw your consent is through our consent manager.
Detailed information about the features and conditions of Shopify Analytics can be found at https://help.shopify.com/de/manual/reports-and-analytics/shopify-reports/overview-dashboard#customers. Information on data processing by Google in connection with the use of Google Analytics is provided by Google here: https://www.shopify.com/de/legal/datenschutz.
c. Rakuten Advertising
This website uses services from Rakuten Advertising, an online advertising company of Rakuten Marketing LLC, 215 Park Avenue South, 11th Floor, New York, NY 10003, USA ("Rakuten"). Rakuten offers services such as affiliate marketing, performance marketing, personalized advertising, as well as measurement and reporting. The use of these services is intended to measure the effectiveness of our advertising measures and to optimize our offerings for you.
Rakuten collects various categories of personal data, including:
- Online identifiers: This includes information such as your IP address, unique device identifiers (e.g. advertising IDs such as IDFA for iOS and AAID for Android), browser type and language, operating system, connection type (e.g. wired or WLAN), region, general geographical location, and if applicable, your mobile service provider.
- Commercial information: Information about products and services that you have viewed, purchased, or considered on the websites, applications, or media platforms of our business partners.
- Internet activities: Data about your behavior on the websites, applications, or media platforms of our business partners and other third parties that interact with Rakuten's services. This includes information about the websites you visit, access times, the website you came from before clicking on an ad, the website you visit after clicking on an ad, interaction data with ads, and your geographic location (latitude and longitude).
Rakuten uses this information to provide personalized advertising, measure the effectiveness of advertising campaigns, and create reports for us as advertisers. The processing of this data is based on your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. You can withdraw your consent at any time via our Consent Manager, without affecting the legality of the processing that has taken place up to that point.
For more information about Rakuten Advertising's privacy practices, please see their privacy policy: https://go.rakutenadvertising.com/hubfs/Services-Privacy-Policy-English.pdf. Information about your privacy rights and options to disable data collection by Rakuten can be found at: https://rakutenadvertising.com/legal-notices/services-privacy-rights-request/
7. Use of social media plug-ins
We are currently using the following social media plugins: Meta (Facebook and Instagram) https://apps.shopify.com/facebook?locale=en and Pinterest https://apps.shopify.com/pinterest?locale=en, which are only loaded if you have previously activated the function through your consent. Product information is transmitted to the providers via the plugins, which create personalized ads from it. Additionally, cookies are set by the providers when you come from Facebook, Instagram, or Pinterest to track visits to the website. The legal basis for the use of the plugins is Art. 6 para. 1 sentence 1 lit. a GDPR, meaning that integration only occurs with your consent.
The plug-in provider stores the data collected about you as usage profiles and uses this for advertising, market research, and/or tailored design of its website. Such evaluation is carried out in particular (also for non-logged-in users) to display targeted advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact the respective plug-in provider to exercise this right. Data sharing occurs regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, the data we collect about you is directly linked to your existing account with the plug-in provider. If you activate the button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. We recommend that you regularly log out after using a social network, especially before activating the button, as this can help you avoid linking to your profile with the plug-in provider.
The collected information is stored on the providers' servers, including international providers outside of Europe. In these cases, the provider has imposed a standard on itself that corresponds to the former EU-US Privacy Shield and has committed to complying with applicable data protection laws during international data transfers. We have also agreed on so-called standard data protection clauses with the providers, the purpose of which is to ensure an adequate level of data protection in the third country.
The withdrawal of your consent is possible at any time, without affecting the legality of the processing until the withdrawal. You can most easily carry out the withdrawal through our consent manager or through the functions of the social media providers.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the privacy policies of these providers provided below. There you will also find further information about your rights in this regard and options for protecting your privacy. Addresses of the respective plug-in providers and URLs of the respective privacy notices:
Meta Platforms Technologies Ireland Limited, Merrion Road, Dublin 4 D04 X2K5, Ireland: https://www.facebook.com/privacy/policy
Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland: https://policy.pinterest.com/de/privacy-policy
8. Rights of the Data Subject
According to the GDPR, you as the data subject have rights regarding your processed personal data. You can assert these rights at any time against us using the contact details provided at the beginning. As a data subject, you have the following rights:
- according to Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about the details thereof;
- according to Art. 16 GDPR to request the immediate correction of inaccurate personal data, or the completion of your personal data, stored with us;
- according to Art. 17 GDPR to request the deletion of your personal data stored with us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims;
- according to Art. 18 GDPR to request the restriction of the processing of your personal data, as far as the accuracy of the data is contested by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you need it for the establishment, exercise, or defense of legal claims, or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
- according to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller;
- according to Art. 7 para. 3 GDPR to revoke at any time the consent you have given us. This means that we are no longer allowed to continue the data processing that was based on this consent in the future; and
- according to Art. 77 GDPR to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or workplace or our company's registered office for this purpose.
9. Right of objection
If your personal data is processed on the basis of legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right to object, which will be implemented by us without the need to specify a particular situation.
If you would like to exercise your right of withdrawal or objection, an email to info@health-bar.com is sufficient.
10. Data security
To protect your data, we use the widely used SSL procedure (Secure Sockets Layer) during your visit to the website, in conjunction with the highest encryption level supported by your browser. You can recognize an encrypted transmission by the closed representation of the key or lock symbol in the address or status bar of your browser.
We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in accordance with technological developments.
11. Duration of data processing
The storage duration of your personal data is determined by the respective legal basis, the purpose of processing, and, if applicable, the relevant statutory retention periods.
Data processed based on your consent pursuant to Art. 6 para. 1 lit. a GDPR will be stored until you revoke your consent. If data is processed for the fulfillment of a contract or the initiation of a contract in accordance with Art. 6 para. 1 lit. b GDPR, it will be stored as long as necessary for these purposes. After the expiration of statutory retention periods, we routinely delete the data unless legitimate interests argue for a longer storage. If we process data based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, we will store it until you exercise your right to object according to Art. 21 para. 1 GDPR. However, if there are compelling legitimate grounds for processing, or if it is necessary for the assertion, exercise, or defense of legal claims, the storage will remain. Data used for direct marketing purposes will be stored until you object to the processing in accordance with Art. 21 para. 2 GDPR.
Unless other specific deadlines are mentioned, we delete personal data as soon as it is no longer necessary for the purposes for which it was collected or processed.
12. Currentness and Amendment of this Privacy Policy
This privacy policy is currently valid and is dated February 2025. Due to the further development of our website or changes in legal requirements, it may become necessary to adjust this privacy policy. You can view, retrieve, and print the current privacy policy at any time on this website.