Privacy Policy

Data Controller


The data controller pursuant to Article 4(7) of the GDPR and other data protection regulations is

Purité GmbH
Roonstraße 23a
76137 Karlsruhe

Website: www.global.puritetea.com
Email: info@puritetea.com
Telephone: +49 172 4300381

General

We collect various types of data on our websites. Some data is collected automatically when you use our services, for example through the use of so-called cookies. This automatically collected data is mostly of a general nature and primarily includes information regarding the duration and location of access.

In addition, with your consent, we collect personal data and data that you enter voluntarily when you wish to use certain services. It is possible to use our websites without providing personal data, but the scope of use may be significantly restricted in some cases.

You decide whether to consent to the use of various purposes and service providers the very first time you visit our website. With the exception of processing that is absolutely necessary for the operation of the website, it is up to you to decide which data processing you permit.

Due to numerous regulatory changes, a comprehensive body of data protection legislation has emerged in recent years, which is intended, on the one hand, to ensure data security and strengthen users’ rights, but which, on the other hand, has given rise to a flood of relevant terms. To make the following detailed explanations regarding collected data, legal regulations and rights more accessible, we have briefly summarised the most important of these terms below.

Definitions

In our privacy policy, we use terms that are used in the GDPR and defined therein. To ensure you understand what these terms mean, we would like to explain the most important ones.

Data processor
A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller and in accordance with its instructions.

Consent banner
As a user, you have the option to give your consent to processing operations requiring consent and to withdraw this consent at any time. You make this decision via the so-called consent banner, which is automatically displayed the first time you visit our websites and provides you with the most important information regarding data processing.

Cookies
Cookies are text files that contain data relating to websites or domains visited and are stored by a browser on users’ devices. A cookie primarily serves to store information about a user during or after their visit to an online service. The stored information may include, for example, language settings on a website, login status, a shopping basket or video interactions. The term ‘cookies’ also covers other technologies that perform the same functions as cookies (e.g. where user data is stored using pseudonymous online identifiers, also known as ‘user IDs’). Cookies are used to make websites more user-friendly. As cookies are stored on the user’s computer, you have control over them. You can adjust the settings in your web browser to manage the use and storage of cookies. However, disabling cookies will in most cases result in a limited user experience on our website.

Third party
A third party is a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.

Consent
Consent is an expression of self-determination under data protection law. It is the freely given, specific, informed and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them. Consent given may be withdrawn at any time with effect for the future.

Recipient
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, irrespective of whether they are a third party or not. However, public authorities which may receive personal data in the course of a specific inquiry mandate under Union law or the law of the Member States are not considered recipients.

Personal data
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. IP address or cookies) or to one or more specific characteristics that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Telecommunications and Telemedia Data Protection Act (TDDDG)
The TDDDG is a law designed to protect the integrity of the end device and thus the privacy of users. The legal basis for the storage and retrieval of information in the end user’s terminal equipment is consent, in accordance with Section 25(1) sentence 1 of the TDDDG. This consent is requested when the website is accessed.

Pursuant to Section 25(2)(2) of the TDDDG, consent is not required if the storage of information on the end-user’s device or access to information already stored on the end-user’s device is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user.  You can see from the cookie settings which cookies are classified as strictly necessary (often referred to as “technically necessary cookies”), and therefore fall under the exemption in Section 25(2) of the TDDDG and thus do not require consent. 

Please note that the legal basis for the subsequent processing of personal data is then derived from the GDPR. The relevant legal bases for the processing of personal data on this website are set out later in this privacy notice.

Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means. This essentially covers any handling of personal data, such as the collection, storage, alteration, use, transmission, dissemination, erasure or destruction of personal data.

Data controller
The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The controller must ensure the lawfulness of data processing by implementing technical and organisational measures that are regularly reviewed.

Data transfer outside the EU
The GDPR guarantees the same high level of data protection throughout the European Union. When selecting our service providers, we therefore rely on European partners wherever possible if your personal data is to be processed. Only in exceptional cases will we have data processed outside the European Union in connection with the use of third-party services.

We only permit the processing of your data in a third country if the specific requirements of Articles 44 et seq. of the GDPR are met. This means that the processing of your data may then only take place on the basis of specific safeguards, such as the EU Commission’s official recognition of a level of data protection equivalent to that of the EU, or compliance with officially recognised specific contractual obligations, known as ‘Standard Data Protection Clauses’.

Data collected automatically when using our website

When you use the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we collect only the personal data that your browser transmits to our server. This data will not be combined with other data sources without your consent.

When you visit our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:

  • the IP address of the accessing device or the proxy server used
  • the requested domain name
  • the name of the internet service provider (where transmitted in individual cases)
  • Date and time of access
  • the duration of the website visit
  • the pages accessed
  • the frequency of use within a specific period
  • the files accessed and related information
  • the website visited previously (referrer)
  • and the operating system used.

The temporary storage of the IP address by our system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

The temporary storage or processing of these so-called server log data is absolutely necessary to ensure functionality and technical security, in particular to ward off and defend against attempts at attack or damage, and is carried out in accordance with our legitimate interest pursuant to Article 6(1)(f) of the GDPR. Where there are specific grounds for suspicion, the log data may be analysed retrospectively.

Your rights as a data subject

Under the EU General Data Protection Regulation, you, as a data subject, have various rights which you may exercise by contactinginfo@puritetea.com . These are set out below:

Right of access
You may request confirmation from us as to whether we are processing personal data relating to you. If such processing is taking place, you may request the following information from us:

  • the purposes for which the personal data is processed;
  • the categories of personal data being processed;
  • the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  • the envisaged period for which your personal data will be stored, or, if this is not possible, the criteria used to determine that period;
  • the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing;
  • the existence of a right to lodge a complaint with a supervisory authority
  • all available information regarding the origin of the data, where the personal data has not been collected from the data subject;
  • the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and – at least in such cases – meaningful information about the logic involved, as well as the significance and the intended consequences of such processing for the data subject.

You also have the right to request information as to whether your personal data is being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards in accordance with Article 46 of the GDPR in connection with the transfer.

You also have the right to request that we rectify or complete your personal data if it is inaccurate or incomplete.

Right to lodge a complaint with the supervisory authority
If you believe that the processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the supervisory authority responsible for us:

The State Commissioner for Data Protection and Freedom of Information, Baden-Württemberg
PO Box 10 29 32
70025 Stuttgart
Tel.: 0711/615541-0
Email: poststelle@lfdi.bwl.de

The supervisory authority to which the complaint was submitted will inform you of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:

  • if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
  • if you have objected to the processing pursuant to Article 21(1) of the GDPR and it has not yet been determined whether our legitimate grounds override your grounds.

If the processing of your personal data has been restricted, such data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State. If processing has been restricted in accordance with the above conditions, we will inform you before the restriction is lifted.

Right to erasure
You may request that we erase your personal data without undue delay, and we are obliged to do so immediately if any of the following grounds apply:

  • Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing;
  • You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR;
  • Your personal data has been processed unlawfully;
  • The erasure of your personal data is necessary for compliance with a legal obligation under Union law or the law of the Member States to which the controller is subject;
  • Your personal data was collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

The right to erasure does not apply where processing is necessary:

  • for the exercise of the right to freedom of expression and information;
  • to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR, in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or for the establishment, exercise or defence of legal claims.

If you have exercised your right to rectification, erasure or restriction of processing against us, we are obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

Right to data portability
You have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that

  • the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR, or on a contract pursuant to Article 6(1)(b) of the GDPR, and
  • the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transferred directly by us to another controller, provided this is technically feasible. The freedoms and rights of other persons must not be adversely affected by this. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Further data processing

Contact
You may contact us via the contact form or the email address provided. In this case, the user’s personal data transmitted via email will be stored. Your data will not be disclosed to third parties in this context; the data will be used exclusively for the purpose of establishing communication.

The processing of personal data in this context serves solely to handle the contact request. The legal basis for processing the contact request and its handling is generally Article 6(1)(b) of the GDPR, and additionally Article 6(1)(f) of the GDPR.

Your data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data entered via the contact form and that sent by email, this is the case once the relevant conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved.

Advertising by email, telephone and post
We use your contact details for advertising purposes if you have consented to this (Art. 6(1)(a) GDPR), as well as for legally permissible direct marketing of our own and related products if you have provided this information when placing your order or registering (Art. 6(1)(f) GDPR in conjunction with Section 7(3) of the Unfair Competition Act (UWG)).

  • If you no longer wish to receive advertising, you can withdraw your consent at any time or object to direct marketing
  • by clicking on the unsubscribe link at the bottom of the email
  • by email to info@puritetea.com
  • in writing to our company address given at the beginning (please include your name and contact details)
  • or by telephone via the telephone number provided at the beginning

Your personal data will be passed on to our external and internal marketing and newsletter service providers and competition partners, provided they assist us with data processing. We contractually oblige them not to use the data for their own purposes or to pass it on to others. We will not pass on your data to third parties for advertising purposes without your express consent. The data we process will be deleted as soon as it is no longer required for its intended purpose and there are no legal retention obligations preventing its deletion.

Social media presence

We maintain a presence on social media. Where we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with. Below you will find the most important information regarding data protection in relation to our corporate social media accounts.

In addition to us, the following entities are responsible for our corporate social media accounts within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations:

  • Meta Platforms (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

You use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). Please note that your personal data may be processed outside the European Union in this context.

We process your personal data on the basis of our legitimate interests in effective information and communication in accordance with Article 6(1)(f) of the GDPR.

As we do not have full access to your personal data, you should contact the social media providers directly to exercise your data subject rights, as they have access to their users’ personal data and can take appropriate measures and provide information.

Should you nevertheless require assistance, we will of course endeavour to support you.

Analysis, tracking and third-party providers

In order to provide our digital services, to make the content technically available to you on the website, to ensure the security of the website, to rectify any errors and to carry out analyses, we and our partners use certain cookies and similar technologies.

To this end, we and our partners (“providers”) process personal data such as your IP address or ID and browser information. The legal basis for this processing is your voluntary consent, which may be withdrawn at any time, in accordance with Article 6(1)(a) of the GDPR.

In some cases, we or our partners (“providers”) process your data on the legal basis of legitimate interest, in accordance with Article 6(1)(f) of the GDPR. In this context, our legitimate interests include, amongst other things, session-based reach measurement, as well as the implementation of paywalls, which are absolutely necessary for the operation and refinancing of our digital offering.

Some of our service providers process your data outside the European Union. We only permit the processing of your data in a third country if the specific requirements of Articles 44 et seq. of the GDPR are met. This means that the processing of your data may then only take place on the basis of specific safeguards, such as the EU Commission’s official recognition of a level of data protection equivalent to that of the EU, or compliance with officially recognised specific contractual obligations, known as ‘Standard Data Protection Clauses’.

Purposes of data processing
Within the scope of our website, we and our partners (“providers”) pursue the purposes described below:

  • Functional:
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
  • Preferences:
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
  • Statistics:
    The technical storage or access that is used exclusively for statistical purposes.
  • Marketing:
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Information on the tools used for the purposes described can be found directly in our privacy settings.

Privacy settings

You can adjust and withdraw your consent to data processing requiring consent, for example for advertising tracking, at any time in the privacy settings.

Privacy Settings