PRIVACY POLICY

1. Information on the Collection of Personal Data and Contact Details of the Controller

1.1 Thank you for visiting our website. Below we would like to inform you about how we handle your personal data when using our website. Personal data refers to any data by which you can be personally identified.

1.2 The controller responsible for data processing on our website within the meaning of the General Data Protection Regulation (GDPR) is:

Hortinex GmbH

Managing Director: Tim Geers

Lohbecker Str. 101

49593 Bersenbrück

Phone: +49 (0) 173 3493950

Email: info@hortinex.com

VAT ID No.: DE370159138

1.3 To ensure the security of your data during transmission, we use encryption technologies corresponding to the current state of the art (e.g., SSL or TLS) via HTTPS.

2. Data Collection When Visiting Our Website

Each time our website is accessed, our system automatically collects data and information that your browser transmits to our server (so-called "server log files"). The following technically necessary data may be collected in this context:

− Browser types and versions used

− The operating system used by the accessing system

− The website from which an accessing system reaches our website (so-called referrer)

− The subpages accessed by an accessing system on our website

− The date and time of access to the website

− An Internet Protocol (IP) address

− The Internet service provider of the accessing system, and

− Other similar data and information that serve to avert danger in the event of attacks on our IT systems.

The legal basis for the processing is Art. 6 (1)(f) GDPR, based on our legitimate interest in improving the stability and maintaining the functionality of our website. Data will not be shared or used in any other way. Temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. For this purpose, the IP address must remain stored for the duration of the session.

We reserve the right to check the server log files retroactively if there are concrete indications of unlawful use. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data collection for the provision of the website, this occurs when the respective session is ended.

In the case of storage of the data in log files, this is the case after no later than seven days. Longer storage is possible. In this case, the IP addresses of users are deleted or anonymized so that assignment of the accessing client is no longer possible. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Therefore, the user has no right to object.

We use Algolia Instantsearch on our website, a search engine service provided by Algolia Inc. (“Algolia”) for searching and indexing content. By using Algolia Instantsearch, your IP address and your search query are transmitted to a server of Algolia and stored there for statistical purposes for 90 days. Please refer to Algolia’s Terms of Service and Privacy Policy.

Algolia does not transfer the collected data to third parties but processes it solely internally for statistical analyses and monitoring of its services.

3. Contact

If you contact us via the contact form, the data entered in the input mask will be transmitted to us and stored. The data collected can be seen from the respective input mask. If you contact us by email, only the data you provide there will be transmitted to us.

The data is used exclusively for processing the conversation and your request. The legal basis for processing the data is, in the case of user consent, Art. 6 (1)(a) GDPR. The legal basis for processing data transmitted by sending an email is Art. 6 (1)(f) GDPR. If the email contact aims at concluding a contract, the additional legal basis for processing is Art. 6 (1)(b) GDPR. The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection and no statutory retention obligations prevent deletion. For personal data from the contact form input mask and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed ended when the circumstances indicate that the relevant matter has been conclusively clarified. The user may revoke consent to the processing of personal data at any time. If the user contacts us by email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

4. Cookies

Our website uses cookies.

Cookies are text files stored on the user’s device. When a user accesses a website, a cookie may be stored on the operating system of the user. Some functions of our website cannot be offered without the use of cookies. For this, it is necessary for the browser to be recognized even after a page change. The user data collected through technically necessary cookies is not used to create user profiles. Our legitimate interest in processing personal data pursuant to Art. 6 (1)(f) GDPR also lies in these purposes.

In addition, our website may use cookies that enable analysis of the user’s browsing behavior (so-called third-party cookies). Further information on scope, purpose, legal basis, and options to object can be found in the relevant sections of this Privacy Policy.

You as the user have full control over the use of cookies. By changing the settings in your Internet browser, you can disable, restrict, or delete the transmission of cookies. If you deactivate cookies for our website, not all functions of the website may be fully usable. The transmission of Flash cookies can be prevented by changing the settings of the Flash Player.

Help with settings can be found in the help menu of your browser or under the following links:

Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies

Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647

Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac

Opera: https://help.opera.com/en/latest/web-preferences/#cookies

Some of the cookies used here are deleted after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies). When cookies are set, certain user information such as browser and location data as well as IP address values are collected and processed to varying extents. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

5. Online Marketing

Use of Google Ads Conversion Tracking

This website uses the online advertising program "Google Ads" and, within the scope of Google Ads, the conversion tracking service of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Advertising for our offers is placed on external websites using advertising media (so-called Google AdWords). Our legitimate interest lies in showing you advertising that is of interest to you and in ensuring a fair calculation of advertising costs. The legal basis is Art. 6 (1)(a) GDPR, namely your explicit consent.
Google Ads uses cookies for conversion tracking, which are set when you click on a Google AdWords ad.

These cookies usually expire after 30 days and are not intended for personal identification. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across Ads customers' websites.

The information obtained in this way is used to generate conversion statistics for Ads customers about the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag.

You cannot be personally identified with this information.

If you wish to prevent tracking, you can deactivate the Google Conversion Tracking cookie in your Internet browser under user settings.

Data transfer to the United States is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/. You can find information on Google’s privacy policy here: http://www.google.de/policies/privacy/

You can permanently disable conversion cookies by adjusting your browser settings or by downloading and installing the browser plug-in available at the following link:

http://www.google.com/settings/ads/plugin?hl=de

In this case, certain functions of this website may not be available or may be limited.

6. Hotjar

We use Hotjar to better understand the needs of our users and to optimize the offering and user experience on this website. With Hotjar’s technology, we gain a better understanding of our users’ experiences (e.g., how much time users spend on which pages, which links they click, what they like and dislike, etc.), which helps us align our services with user feedback. Hotjar uses cookies and other technologies to collect data about the behavior of our users and their devices, in particular the device’s IP address (collected and stored only in anonymized form during your website usage), screen size, device type (unique device identifiers), information about the browser used, location (country only), and the preferred language for displaying our website. Hotjar stores this information in a pseudonymized user profile on our behalf. Hotjar is contractually prohibited from selling the data collected on our behalf.

For more information, please refer to the "about Hotjar" section on Hotjar’s help page.

7. OpenStreetMaps

We use the open-source map service “OpenStreetMaps” (also referred to as “OSM”) provided by the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom, to display geo-data. OSM is used to provide an interactive map on our website showing you how to find and reach us. This service enables us to make our website visually appealing by loading map material from an external server. The following data is transmitted to OSM’s servers when maps are displayed: the pages of our website that you have visited and the IP address of your device. The legal basis for processing your data in connection with the OSM service is Art. 6 (1)(f) GDPR (legitimate interest in data processing). The legitimate interest arises from our need for an attractive presentation of our online offering and the easy findability of the locations indicated on our website.

More information on the handling of user data can be found in OSM’s privacy policy:

https://wiki.osmfoundation.org/wiki/Privacy_Policy

8. Web Analytics Services

Google Universal Analytics

We use the web analytics service Google Analytics (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) on this website.

Google Analytics uses cookies, which are text files stored on your computer that allow an analysis of your use of the website.

The information generated by the cookie about your use of this website (including the truncated IP address) is transmitted to and stored by Google on a server, with the possibility of transfer to the USA.

We use Google Analytics with the extension “_anonymizeIp()”, which ensures anonymization of the IP address by truncation and excludes direct personal identification. Therefore, within member states of the European Union or other contracting states of the Agreement on the European Economic Area, your IP address is shortened by Google. In exceptional cases, the full IP address may be transferred to a Google server, including in the USA, and shortened there. In these exceptional cases, processing is based on Art. 6 (1)(a) GDPR, i.e., your explicit consent.

On our behalf, Google uses this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website usage and internet usage to us. Your IP address transmitted by Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by adjusting your browser settings accordingly.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the following browser plugin:

http://tools.google.com/dlpage/gaoptout?hl=en

This website also uses Google Analytics for cross-device analysis of visitor flows conducted via a user ID. You can disable cross-device analysis of your usage in your customer account under “My Data” → “Personal Data.”

The transfer of data to the USA is based on the EU Commission’s Standard Contractual Clauses. Details can be found here:

https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en

Matomo

To design our websites according to demand, we use the web analytics tool “Matomo.” Matomo creates usage profiles based on pseudonyms. For this purpose, permanent cookies are stored on your device and read by us. This allows us to recognize and count returning visitors. We also use the Heatmap & Session Recording modules. The Matomo heatmap service shows us the areas of our website where the mouse is most frequently moved or clicked. The session recording service records individual user sessions. We can replay recorded sessions to analyze how our website is used. Data entered into forms is not recorded and is never visible.

Data processing is carried out based on your consent pursuant to § 25 (1) TDDDG, Art. 6 (1)(a) GDPR, provided you have given your consent via our banner. You can withdraw your consent at any time. Please adjust the corresponding settings via our banner.

For more information about Matomo’s terms of use and privacy regulations, please visit:

https://matomo.org/privacy/

9. Use of Payment Service Providers (Payment Services)

Stripe

If you choose a payment method offered by the payment service provider Stripe, payment processing will be carried out via Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. We will transmit the information you provide during the order process, along with information about your order (name, address, account number, bank code, if applicable credit card number, invoice amount, currency, and transaction number) to Stripe in accordance with Art. 6 (1)(b) GDPR. For more information about Stripe’s data protection, please visit: https://stripe.com/privacy#translation.

Stripe reserves the right to carry out a credit check based on mathematical and statistical procedures to safeguard its legitimate interest in assessing the user’s ability to pay. For the purpose of the credit check, Stripe may transmit the personal data required and received during payment processing to selected credit agencies, which Stripe will disclose to users upon request. The credit report may contain probability values (so-called score values). Where score values are part of the credit report, they are based on a scientifically recognized mathematical-statistical method. Address data, among other factors, may be included in the calculation of the score values. The outcome of the credit check regarding the statistical probability of default is used by Stripe to decide on the authorization of the selected payment method.

You may object to this processing of your data at any time by sending a message to Stripe or to the credit agencies engaged.

However, Stripe may still be entitled to process your personal data if this is necessary for contractual payment processing.

10.    Newsletter

Newsletter Data

If you wish to receive the newsletter offered on the website, we require your email address as well as information that allows us to verify that you are the owner of the provided email address and consent to receiving the newsletter. No further data is collected or only on a voluntary basis. For sending the newsletter, we use newsletter service providers, which are described below.

CleverReach

This website uses CleverReach for sending newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (“CleverReach”). CleverReach is a service that organizes and analyzes newsletter distribution. The data you provide for subscribing to the newsletter (e.g., email address) is stored on CleverReach’s servers in Germany or Ireland.

Newsletters sent with CleverReach allow us to analyze subscriber behavior, such as how many recipients opened the newsletter and how often specific links were clicked. Using so-called conversion tracking, it can also be analyzed whether a predefined action (e.g., purchase of a product on this website) occurs after clicking a link in the newsletter. More information on data analysis by CleverReach newsletters is available at:

https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

Data processing is based on your consent (Art. 6 (1)(a) GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The lawfulness of data processing already carried out remains unaffected by the revocation.

If you do not want analysis by CleverReach, you must unsubscribe from the newsletter. Each newsletter includes a link for unsubscribing. The data you provide for newsletter subscription will be stored until you unsubscribe from the newsletter and then deleted from the distribution list. Data stored for other purposes remains unaffected.

After unsubscribing, your email address may be stored on a blacklist with us or the newsletter provider if necessary to prevent future mailings. Data in the blacklist is used only for this purpose and is not combined with other data. This serves both your interest and our legitimate interest in complying with legal requirements for sending newsletters (legitimate interest under Art. 6 (1)(f) GDPR). Storage in the blacklist is not time-limited. You may object if your interests outweigh our legitimate interest.

Further information can be found in CleverReach’s privacy policy:

https://www.cleverreach.com/de/datenschutz/.

Order Processing

We have concluded a data processing agreement with the above provider. This is a legally required contract ensuring that the provider processes personal data of our website visitors only according to our instructions and in compliance with the GDPR.

11.    Instagram

We use the technical platform and services of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland, for the provided information service.

Please note that you use this Instagram page and its functions at your own risk. This applies in particular to interactive functions (e.g., commenting or liking).

When visiting our Instagram page, Meta collects your IP address and other information stored as cookies on your device. This information is used to provide us, as operators of the Instagram page, with statistical information about the usage of the Instagram page.

The data collected about you in this context is processed by Meta Platforms Ireland Limited and may be transferred to countries outside the European Union. Meta’s privacy policy explains which information Instagram receives and how it is used, including how to contact Meta and adjust ad settings.

How Meta uses data from Instagram page visits for its own purposes, to what extent activities on the Instagram page are linked to individual users, how long Meta stores this data, and whether data is shared with third parties is not fully disclosed by Meta and is not known to us.

When accessing an Instagram page, your device’s IP address is transmitted to Meta. According to Meta, this IP address is anonymized (for “German” IPs) and deleted after 90 days. Meta also stores information about users’ devices (e.g., for the “login notification” feature); this may allow IP addresses to be linked to individual users.

If you are currently logged into Instagram, a cookie with your Instagram ID is stored on your device. This allows Meta to track your visit and usage of this page, including other Instagram pages. Embedded Instagram buttons on websites also allow Meta to track your visits and link them to your Instagram profile. These data may be used to tailor content or advertising to you.

To avoid this, log out of Instagram, disable the “stay logged in” feature, delete the cookies on your device, and restart your browser.

Information on managing or deleting data held by Instagram can be found on Instagram’s support pages.

As the provider of this information service, we do not collect or process any additional data from your use of our service.

12.    Rights of the Data Subject

Applicable data protection law grants you extensive rights as a data subject regarding the processing of your personal data by the controller (rights to access and intervention), which we inform you about below:

Right of access under Art. 15 GDPR:

You may request confirmation from the controller as to whether personal data concerning you is being processed. In addition, you have the right to information about the purpose, the categories of personal data, the recipients, the intended storage period, and the existence of other rights such as correction of data or the right to lodge a complaint with a supervisory authority, the source of your data if not collected by us, the existence of automated decision-making including profiling, and, if applicable, meaningful information about the logic involved and the scope and intended effects of such processing, as well as your right to be informed about guarantees pursuant to Art. 46 GDPR when your data is transferred to third countries.

Right to rectification under Art. 16 GDPR:

You have the right to have incorrect personal data concerning you corrected without delay and/or to have incomplete data completed; the correction or completion must be carried out immediately.

Right to restriction of processing under Art. 18 GDPR:

You have the right to request the restriction of the processing of your personal data while the accuracy of your disputed data is verified, if you object to the deletion of your data due to unlawful processing and instead request the restriction of processing, if you need your data for the assertion, exercise, or defense of legal claims after we no longer need the data for its original purpose, or if you have objected for reasons of your particular situation, as long as it is not yet determined whether our legitimate grounds outweigh yours.

If the processing of your personal data has been restricted, such data may – aside from storage – only be processed with your consent, for asserting, exercising, or defending legal claims, to protect the rights of another natural or legal person, or for important public interest reasons of the Union or a member state. You will be informed by the controller before the restriction is lifted.

Right to erasure under Art. 17 GDPR:

You have the right to immediate deletion of your personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not apply, in particular, if processing is necessary for the exercise of the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.

Right to notification under Art. 19 GDPR:

If you have exercised your right to rectification, erasure, or restriction of processing, the controller is obliged to notify all recipients to whom your personal data was disclosed of this correction, deletion, or restriction of processing, unless this proves impossible or involves disproportionate effort. You also have the right to be informed of these recipients.

Right to data portability under Art. 20 GDPR:

You have the right to receive the personal data you provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller, insofar as technically feasible.

Right to withdraw consent under Art. 7 (3) GDPR:

You have the right to object at any time to the processing of your personal data based on Art. 6 (1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

You also have the right to revoke your data protection consent at any time with future effect. Revocation of consent does not affect the lawfulness of processing carried out based on the consent before its withdrawal.

Right to lodge a complaint under Art. 77 GDPR:

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your residence, workplace, or the location of the alleged violation, if you believe that the processing of your personal data violates the GDPR.

Right to object

You have the right to object at any time to the processing of your data with future effect if we process your data based on our overriding legitimate interest after a balancing of interests.

If you exercise this right to object, we will cease processing your data unless overriding compelling legitimate grounds can be proven, or if further processing is required for the exercise or defense of legal claims.

13.    Duration of Storage of Personal Data

The duration of storage of personal data depends on statutory retention periods. After these periods expire, we routinely delete the data if it is no longer required for the performance or initiation of a contract and/or if we have no legitimate interest in continued storage.