Customer Information on Data Protection

Information on data protection pursuant to Articles 13 and 14 of the GDPR for customers and other data subjects

The following information is intended to inform you about the processing of your personal data and to provide you with an overview of your rights under the EU General Data Protection Regulation (GDPR).

Please note that not all parts of this notice will apply to you, as the specific data processed and the manner in which it is used depend largely on the agreed services.

I. Name and contact details of the data controller

These information obligations apply to the following companies:
Purité GmbH
Roonstraße 23a
76137 Karlsruhe

Website: www.global.puritetea.com
Email: info@puritetea.com
Telephone: +49 172 4300381

II. What data do we use and where does it come from?

As part of our business relationship, we process the following personal data relating to you

  • Master data (first name and surname, address, date of birth and nationality)
  • Contact details (email address, telephone number)
  • Identification data (e.g. ID details)
  • Bank and payment data (e.g. IBAN, creditworthiness data, scoring or rating data)
  • Marketing and sales data, e.g. marketing consents
  • Documentation data (e.g. consultation records)
  • as well as other data comparable to the categories mentioned

We generally receive the aforementioned personal data directly from you as a customer within the framework of our business relationship. In addition, to the extent necessary for the provision of our services, we process personal data that we lawfully obtain from publicly accessible sources (e.g. debtors’ registers, land registers, commercial and associations registers, the press, the internet) or that is lawfully transmitted to us by other companies within the Group or by other third parties.

III. Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Within the framework of our business relationship, you must provide this personal data, as without it we will generally not be able to conclude, perform or terminate a contract with you.

1. Fulfilment of contractual obligations (Art. 6(1)(b) GDPR)
Your data is processed in the context of the performance of our contracts with our customers or for the implementation of pre-contractual measures carried out upon request.

Payment transactions within our website are essential for the performance of the contract. External payment service providers are used for this purpose. The payment service providers used (including PayPal and Visa) collect and process the data required for the transaction, such as contact details, bank details/credit card numbers, passwords and contract details. The data collected is processed and stored solely by the selected service provider. This means that we do not receive or store any transaction data. The respective payment service provider only sends us information confirming the payment. Individual payment service providers may, under certain circumstances, transfer your personal data to credit reference agencies for the purpose of a credit check.

2. Consent (Art. 6(1)(a) GDPR)
Where you have given us your consent to process personal data for specific purposes (e.g. sharing data within the group, analysing data for marketing purposes, photographs taken at events, sending newsletters), the lawfulness of this processing is based on your consent. Consent given may be withdrawn at any time. Please note that the withdrawal of consent only applies prospectively and does not affect the lawfulness of data processed prior to the withdrawal.

3. Balancing of interests (Art. 6(1)(f) GDPR)
Where necessary, we process your data beyond the actual performance of the contract to safeguard our legitimate interests or those of third parties. These may include, amongst other things:

  • Identification of creditworthiness or default risks
  • Measures for business management and the further development of services and products
  • We send promotional information on the basis of our legitimate interest (existing customer exception under Section 7(3) of the German Unfair Competition Act (UWG) and/or Article 6(1)(f) of the GDPR).

IV. Data access: Who receives my data?

Within the company, access to your data is granted to those departments that require it to fulfil our contractual and legal obligations. Service providers and agents engaged by us may also receive data for these purposes. These include, amongst others, IT services, telecommunications, debt collection, as well as sales and marketing.

In the event that data needs to be disclosed to third parties outside our company, this will only take place if required by law, if the customer has given their consent, or if there is a legitimate interest. This includes public authorities and institutions where there is a legal or regulatory obligation.

Other recipients of data may be those bodies for which you have given us your consent to data transfer, or for which you have released us from the obligation of confidentiality in accordance with an agreement or consent, or to which we are authorised to transfer personal data on the basis of a balancing of interests.

V. Data transfer to a third country or to an international organisation

Data may be transferred to entities in countries outside the European Union (so-called third countries) where this is necessary to fulfil your orders, where it is required by law (e.g. tax reporting obligations), or where you have given us your consent.

Furthermore, a transfer to entities in third countries is envisaged in the following cases: where necessary in individual cases, your personal data may be transferred to an IT service provider in the USA or another third country to ensure the company’s IT operations in compliance with European data protection standards.

VI. How long will my data be stored?

We process and store your personal data for as long as is necessary to fulfil our contractual and legal obligations. If the data is no longer required to fulfil contractual or legal obligations, it is regularly deleted, unless its – temporary – further processing is required by law, such as to fulfil commercial and tax law retention obligations .

VII. What data protection rights do you have?

As a data subject, you have

  • the right of access under Article 15 of the GDPR (subject to the restrictions under Sections 34 and 35 of the BDSG-Neu)
  • the right to rectification under Article 16 of the GDPR
  • the right to erasure under Article 17 of the GDPR (subject to the restrictions set out in Sections 34 and 35 of the BDSG-Neu)
  • the right to restriction of processing under Article 18 of the GDPR
  • the right to data portability under Article 20 of the GDPR
  • as well as the right to object under Article 21 of the GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims (objections may be submitted informally toinfo@puritetea.com ).

You also have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG-neu):

The State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Telephone: 0711 / 615541-0
Email:poststelle@lfdi.bwl.de
Website: https://www.baden-wuerttemberg.datenschutz.de

IX. Is automated decision-making and profiling carried out?

Automated decision-making within the meaning of Article 22 of the GDPR is not generally used for the establishment and conduct of the business relationship. Should we use these procedures in individual cases, we will inform you separately about this and your rights in this regard, provided this is required by law.