Many thanks for visiting our web page. We at Weleda Inc. (“Weleda” or “we”) value and share your (“You” or “Your”) concerns about privacy. Compliance with statutory data protection provisions is particularly important to us. The aim of this data privacy policy (the “Privacy Policy”) is to inform You as the user of Weleda’s website of the nature, scope and purpose of personal data processing and your existing rights.
This Privacy Policy describes the types of personal information we obtain about customers, how we use the information and with whom we share it. It also describes the measures we take to protect the security of information and how You can contact us about our privacy practices. This Privacy Policy applies to personal customer information obtained by Weleda, including through www.Weleda.com or our mobile applications (“apps,” which together may collectively be referred to as the “Site”), emails, and widgets (all of which may collectively be referred to as the “Services”).
Our Services are for a general audience and are not targeted towards children. We do not knowingly collect personal information from children under 13 years of age.
We have developed the Services in such a way as to ensure we collect as little data from You as possible. It is possible in principle to visit our Site without entering any personal data. The processing of personal data is only necessary if you decide to use certain services (e.g. using the contact form). In doing so, we make sure at all times that we only process Your personal data in accordance with a legal basis or consent given by You and adhering to the provisions of any applicable legislation on data protection.
2. Definitions
The terms used in this Privacy Policy are defined as follows:
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as a “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Weleda is the controller for purposes of this Privacy Policy.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with applicable law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Consent
When You visit our Site, we will sometimes collect certain personal data concerning You. We require your consent to do this. This takes place in the first instance in our dialogue and service area specifically when contact is made via a contact form, a newsletter is ordered, when booking queries are made, or when our services are used (e.g. pregnancy calendar or subscription service).
Declaration of consent
By using the forms we provide, you thereby consent to us collecting the personal data you provide and processing it as indicated in this data protection policy. You may withdraw this consent at any time with effect for the future by providing us with a relevant statement. However, please note that it is no longer possible to use our service without your consent. To withdraw, please contact us by emailing [email protected] stating your name, email and postal address and desire to withdraw your consent from our privacy policy.
4. Purpose of Personal Data Processing
We process personal data required to legitimize, perform or process our Services. We may also use external service providers as part of commissioned data processing.
We collect, process and use the personal data exclusively for the following purposes:
when contact is made and for related correspondence (based on your consent)
dealing with your request and to provide you with any additional advice you require (based on your consent)
sending our newsletter, the subscription service (based on your consent)
to ensure that our Site is presented to you in the most effective and interesting way (e.g. through anonymized evaluation)(based on our legitimate business interests)
for technical implementation of our Services (based on our legitimate business interests)
registration as a Weleda user; taking part in product reviews (based on your consent)
participation in competitions (based on your consent)
optimizing your shopping experience by sending targeted advertisements and shopping cart reminders
5. Information We Collect
We only collect and process Your personal data when it is freely provided by You with Your knowledge, e.g. by completing forms or sending emails.
This initially concerns the following data in the forms provided. Fields with star (*) are required:
General contact information:
Form of address
*First name
*Last name
Telephone number
*Email address
Street
House number
Zip code
Town/city
Request
Message
Month and date of birth
Weleda newsletter:
Form of address
*First name
*Last name
*Email address
Weleda subscription service:
Form of address
First name
Last name
Telephone number
Email address
Street
House number
Zip code
Town/city
Weleda user account:
Form of address
*First name
*Last name
*Email address
Password
Weleda events:
Date
Number of people
*First name
*Last name
Telephone number
Email address
Street
House number
Zip code
Town/city
Notes
The personal data You provide and the content thereof shall remain exclusively with us and our associated companies. We shall only store and process Your data for the purposes stated in this Privacy Policy. Any use beyond the indicated purpose requires your express consent. The same also applies to the transfer and transmission of your data to third parties.
6. General log files
The connection data for the querying computer (IP address), which of our pages You visit, the date and duration of Your visit, the identification data of the browser and operating system type used, the web page You are visiting us from and successful access are temporarily recorded by the web server in protocol files (log files). Technical administration of web pages and anonymous collection of statistics allows evaluation of access to the Weleda Services and evaluation aimed at improving data protection and data security within our company, in order to ultimately ensure an optimum level of protection for the personal data we process.
The server log file data is stored separately from all the personal data You enter for a minimum period of 12 months for analytical purposes.
7. Cookies
We use cookies and similar technologies in order to be able to offer You a personalized online experience. The information we obtain in this manner may include IP address, mobile device advertising ID, browser characteristics, device characteristics, operating system, language preferences, referring URLs, information on actions taken on our Services, and dates and times You access or use the Services. In connection with our app, we also may obtain Your phone number and details about Your mobile carrier.
A “cookie” is a file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon”, also known as an Internet tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. Through these automated collection methods, we obtain “clickstream data,” which is a log of the links and other content on which a visitor clicks while browsing a website. As the visitor clicks through the Site or a third-party website or application, a record of the action may be collected and stored.
We may link certain data elements obtained through automated means, such as Your browser or device information, with other information we have obtained about You to let us know, for example, whether You have opened an email we sent to You, what search queries You may have run and what advertisements You may have seen on our Services or on third-party websites and apps.
You can find out about the use of cookies from the Digital Advertising Alliance at www.aboutads.info and adjust Your settings accordingly. Your browser may tell You how to be notified when You receive certain types of cookies or how to restrict or disable certain types of cookies. You also may be able to delete Your Flash cookies or adjust Your Flash cookie settings by visiting the Adobe Flash Website Storage Settings Panel and Global Storage Settings Panel. Please note, however, that without cookies You may not be able to use all of the features of our Services. Your device settings also may allow You to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with us through our apps or other app developers.
Please click on the link below to adjust your Cookies Settings.
8. Social Plugins
This Site has integrated social media/social sharing functions. However, to protect web page users, Weleda has chosen to use Shariff script.
Weleda does not record any personal data through the social plugins or regarding their use itself. To prevent data from being transferred to service providers without Your knowledge, Weleda uses what is known as the Shariff solution. This solution ensures that no personal data is passed on to the providers of the individual social plugins to begin with if You visit this Site. Data can only be transferred to the service provider and stored there if you click on one of the social plugins.
When You register for an email newsletter, Weleda requires Your form of address, name and the email address the newsletter should be sent to. Any other information is provided voluntarily and is used to address You personally and to be able to personalize the newsletter and answer queries on the email address.
If You register for the newsletter on this Site, Weleda uses the data You enter for this purpose, to inform You of relevant circumstances concerning this service or its registration, and to also send targeted advertisements and marketing emails to You based on Your purchase history, purchase frequency and other factors. For example, if You have purchased a specific product in the past and that product comes back on the market after being out of stock, Weleda may send you an email notifying You that the product is back in stock. Weleda passes this data on to the third-party provider Salesforce for newsletter mailing management and implementation. Weleda has concluded an agreement on the commissioned order processing procedure with Salesforce, its email marketing service provider. This ensures that said service provider complies with the strict specifications of data protection law in every aspect when managing and implementing the newsletter mailing.
A valid email address is required to receive the newsletter. The IP address You use to register for the newsletter and the date You order the newsletter are also stored. This data shall serve as evidence for Weleda in case of misuse, or in case an unknown email address is registered for the newsletter. As part of this procedure, the ordering of the newsletter is recorded.
You may at any time withdraw Your consent to the storage of the data, Your email address and its use for newsletter delivery with effect for the future. Weleda provides a link You can use for said withdrawal in every newsletter. You can also communicate Your request for withdrawal in writing to the contact options listed in the newsletter.
11. Product Reviews
You can review cosmetics products on this Site. The review is left under Your full first name and the first letter of Your surname. Accordingly, You must use Your first name and surname and Your email address to set up a user account and/or log in. The pseudonym in the form of Your complete first name and the first letter of Your surname is inserted as the author of a review and the associated identifying details are only known to the administrator. Your review/rating may be checked prior to publication.
In the event that You provide us with sensitive data as part of the review, we may also use Your sensitive data (e.g. in the case of images or the text description), such as information on health or information on ethnic or racial origin, particularly in the case of products for sensitive skin.
12. Weleda Product Testers
If You have been selected as a Weleda product tester, we store Your postal address as well as Your first and last names. We only use Your postal address to send You the product to be tested and, where necessary, the jackpot.
13. Competitions on the Site, Facebook, Instagram or TikTok
Personal data is stored for the duration of the competition in order to dispatch any prizes. Once the competition is over, the data is erased. In some individual cases, the data is passed on to external service providers. The participant may withdraw their consent to storage at any time by contacting [email protected] and thereby end their participation in the competition.
The participant also agrees that, for relevant competitions, the photo or product review they upload with their full first name and the first letter of their surname may be published in conjunction with the competition and with any prize awarded, following our approval, on the Weleda Site or Weleda’s Facebook, Instagram or TikTok presence. The participant themself is responsible for the lawfulness of the photos uploaded, particularly with regard to image rights. Weleda reserves the right not to approve photos or text with content that is obviously illegal (these photos are not displayed in public and are excluded from the competition).
14. Integration of Third-Party Content and Services
Our website uses content and services from other providers. These include, for example, maps and videos provided by Google Maps and YouTube. The IP address must be transmitted in order to ensure that this data can be accessed and displayed in the user’s browser. The providers (hereinafter referred to as ‘third-party providers’) therefore use the user’s IP address. Although we endeavor only to use third-party providers which only require the IP address to provide content, we have no influence on whether the IP address may be stored. This process may take place for statistical purposes, among others. If we become aware that the IP address is stored, we shall inform you.
14.1. Use of Google Analytics
This web page uses Google Analytics, a web analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
Google Analytics also uses cookies to enable analysis of Your use of the web page.
IP anonymization is activated on our web page, meaning that Your IP address is shortened by Google. Google will use this information on our account to evaluate your use of the Site, compile reports on Site activities and provide additional services associated with Site use and Internet use to us as the web page operator. The IP address transmitted by Your browser as part of Google Analytics is not combined with other data from Google.
You can prevent the storage of cookies using the relevant setting in Google Chrome; however, please note that in this case, You may not be able to use all functions of this web page to their full extent.
You can also prevent the collection of the data extracted by the cookie concerning Your use of the web page (including your IP address) at Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Alternatively, You can also stop the recording of data by Google Analytics by using what is known as an ‘opt-out cookie’ by clicking here (link must be accessed via Google Chrome). If you erase the cookies in Your browser, You must click on this link again (while using Google Chrome).
This Site uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘DoubleClick’).
DoubleClick uses cookies to place relevant ads for the user, improve reports on campaign performance, or prevent a user from seeing the same ads over and over again. Google uses a cookie ID to record which ads are placed in which browser and can therefore prevent these from being displayed repeatedly.
DoubleClick can also use cookie IDs to record what are known as conversions, which are linked to ad requests. This is what occurs when a user sees a DoubleClick ad and later uses the same browser to access the advertiser's website and purchase something from it. According to Google, DoubleClick cookies do not contain any personal information.
Due to the marketing tool being used, Your browser automatically forms a direct connection to the Google server. We have no influence on the scope and further use of data which is collected through the use of this tool by Google and therefore inform You of what we know: The integration of DoubleClick tells Google that You have accessed the relevant part of our online presence or have clicked on one of our ads. If You are registered with a Google service, Google can assign the visit to your account. Even if You are not registered with Google and/or have not logged in, the provider may still find out Your IP address and store it.
If You would like to opt out of this tracking procedure, You can deactivate cookies for conversion tracking by adjusting your browser’s settings to block cookies from the domain www.googleadservices.com and/or via https://www.google.com/settings/ads. This setting will be erased if You erase Your cookies. Alternatively, You can find out about the use of cookies from the Digital Advertising Alliance at www.aboutads.info and adjust Your settings accordingly. Finally, You can adjust your browser settings so that you are informed when cookies are used and can decide whether to accept them individually, whether to accept them in certain cases, or whether to opt out of them in general. If You refuse to accept cookies, the functionality of our Site may be limited.
On this web page, we also use the reCAPTCHA function provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This function serves first and foremost to decide whether input is made by a natural person or improperly by means of mechanical and automated processing. The service includes sending Google the IP address and any additional data required by Google for the reCAPTCHA service.
On this Site, we also use Google Maps (API), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Maps is a web service which displays interactive maps in order to display visual representations of geographical information. This service is used to show You our location and make it easier to get to us.
When You access the portion of the Site featuring integrated Google Maps, information on Your use of our Site (such as your IP address) is sent to Google servers and stored there. This occurs irrespective of whether You are logged into a user account provided by Google or You do not have a user account. If You are logged into Google, Your data is directly assigned to Your account. If you do not wish it to be assigned to Your Google profile, You must log out before activating the button. Google stores Your data (even for users who are not logged in) as usage profiles and evaluates these. You have the right to object to the creation of these usage profiles. To exercise this right, you must approach Google.
If You do not agree to Your data being transmitted to Google in future in conjunction with the use of Google Maps, You can also fully deactivate the Google Maps web service by turning off the JavaScript application in Your browser. Google Maps and the map display on this Site can then no longer be used.
We use Mouseflow in order to better understand our users’ needs and to optimize the Services and experience. Mouseflow is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our Services with user feedback. Mouseflow uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device's IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Mouseflow stores this information in a pseudonymized user profile. Neither Mouseflow nor we will ever use this information to identify individual users or to match it with further data on an individual user.
You can opt-out to the creation of a user profile, Mouseflow’s storing of data about Your usage of our site and Mouseflow’s use of tracking cookies on other websites by using the functionality provided in our privacy policy or by following this opt-out link. https://mouseflow.com/opt-out/
14.6. Use of Retargeting Tools
On our Site, we use what is known as retargeting technology. We use retargeting to categorize web page users into user groups. Depending on the user group, we then address web page visitors on other web pages or in apps with personalised advertising regarding our products and services.
To do so, we use the following products, which are supplied to us by service providers:
“Facebook Custom Audience” and “Facebook Pixel” are products of Facebook Ireland Ltd., Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (“Facebook”). Our Site uses a “Facebook Pixel” from Facebook which creates a direct connection to the Facebook servers. The fact that You have visited our Site is therefore transmitted to the Facebook server. Facebook assigns this information to Your personal Facebook user account, if You have such an account and are logged into it. If You visit other web pages which use “Facebook Custom Audience”/“Facebook Pixel,” this information is also linked to Your user account. However, we cannot see which other web pages You visit. If You are not a Facebook user or You are not logged in to Facebook when You visit our web page, Your visit to our web page is not assigned to a Facebook user account.
For more information on the protection of Your privacy at Facebook, please see Facebook’s privacy information at https://www.facebook.com/about/privacy/. In particular, You can manage the content and information You have shared through Your use of Facebook via the ‘Activity log’ tool or download it from Facebook via the ‘Download your data’ tool.
14.6.2. “Google AdWords User Lists”/“Google Dynamic Remarketing”
“Google AdWords User Lists” and “Google Dynamic Remarketing” are products of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Our Site uses a pixel provided by Google that creates a direct connection to the Google servers. The fact that You have visited our web page is therefore transmitted to the Google server. Google links this information to a single ID that is stored on Your end device in the form of a cookie or is provided by Your end device (“advertising ID” on smartphones). If You visit other web pages which also use “Google AdWords User Lists”/“Google Dynamic Remarketing,” these are also linked to Your single ID. However, we cannot see which other web pages You visit.
14.6.3. Opt-out
You can opt out of the use of retargeting tools on our Site at any time for one or more tools. Please use the following links to do so:
opt-out ‘Google AdWords User Lists’/’Google Dynamic Remarketing’
For each tool, we store an opt-out cookie on Your end device which is valid for an unlimited period of time. If You use our web page with various end devices, You must opt out of the use of retargeting tools for each end device, as we cannot assign multiple end devices to individual visitors. By opting out, You stop the integration of the pixels described and no exchange of data with Facebook or Google takes place.
You can also deactivate personalized advertising directly with the advertising networks. For more information, please visit the web pages of Google and Facebook directly.
14.7. Use of Olapic
We use Olapic to display user-generated content on this Site. For more information, please see Olapic’s general terms and conditions of business: http://tos.olapic.com/weleda-de/
14.8. Use of OneTrust
OneTrust Technology Limited, 82 St. John Street, London, England, EC 1M 4JN, provides OneTrust, which we use as our consent tool. With this data protection management software, we offer You the possibility to consent to the storage of cookies in a legally compliant manner and to ensure the revocation of consent. Furthermore, the consent is documented for legal proof and the setting of cookies is technically controlled. Cookies are used for this purpose, which saves Your cookie settings on our Site. Thus, Your cookie settings can be retained when You visit our platforms again, as long as You do not delete the cookies beforehand. You can adjust Your settings at any time.
In order to accomplish this, OneTrust collects Your IP address, which is not stored, as well as a pseudo-anonymous browser ID, and, in the case of consent, information on browser, country, device type is also stored.
If you wish to object, please click on the "Cookie Settings" button in the "Cookies" section on this page.
14.9. Use of Akamai CDN
We use Akamai CDN to properly deliver the content on our Site. Akamai CDN is a service provided by Akamai Technologies, Inc., 145 Broadway, Cambridge, MA 02142, which acts as a content delivery network (CDN) on our Site.
A CDN helps to make content from our online offering, especially files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of Akamai Technologies, Inc., whereby Your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed solely for the purposes set out above and to maintain the security and functionality of Akamai CDN.
We use Google CDN to properly deliver the content on our Site. Google CDN is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland which acts as a content delivery network (CDN) on our Site.
A CDN helps to make content from our online offering, especially files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you connect to servers of Google Ireland Limited, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data will be processed exclusively for the purposes mentioned above and to maintain the security and functionality of Google CDN.
We use Pinterest CDN to properly deliver the content of our Site. Pinterest CDN is a service provided by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, which acts as a content delivery network (CDN) on our Site.
A CDN helps to make content from our online offering, especially files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When You access this content, You establish a connection to servers of Pinterest Inc., whereby Your IP address and, if applicable, browser data such as Your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Pinterest CDN.
We use the “Global Address” service provided by GB Group PLC, The Foundation, Herons Way, Chester Business Park, Chester, CH4 9GB, United Kingdom (“Loqate”) for data validation of the address you enter on our website at any time (e.g. during the ordering process or when registering a customer account).
The address data you enter on our website at any time is checked directly when entered via the online interface. Via the interface, the entered data is compared with the Loqate database, which is located in the UK or the USA, and matching addresses are suggested for selection.
The data is processed for the purpose of ensuring that the data entered is correct and that no incorrect data is stored in our system. The IP address used when entering Your address is stored on the Loqate servers for 30 days from the day in which an address is input, and then deleted.
The legal basis for processing the data is your consent in accordance with Art. 6(1)(a) GDPR, Section 25 (1) TTDSG. You can revoke this consent at any time by clicking on the "Cookie Settings" button in the "Cookies" section on this page and adjusting your settings accordingly.
15. Data Security
Unfortunately, the transfer of information via the Internet is never 100% secure, so we are unable to guarantee the security of data transmitted to our Site via the Internet.
However, we use technical and organizational measures to protect our Site from the loss, destruction, access, modification or distribution of your data by unauthorized persons.
In particular, Your personal data is transferred by us in encrypted form. We use the coding system SSL/TLS (Secure Sockets Layer/Transport Layer Security) for this purpose. Our security measures are constantly being improved in line with advances in technology.
16. SMS Messaging Privacy Policy
This SMS Messaging Privacy Policy (“SMS Policy”) governs how we collect and use information about You in relation to Weleda’s text message marketing program(s) (the “Messaging Service”), which we make available to You through a third-party service provider.
By using the Messaging Service, You agree to the terms of this SMS Policy. We reserve the right, in our sole discretion, to modify or change this SMS Policy at any time with or without prior notice to You. This SMS Policy, and any changes, are effective as soon as posted and supersede any prior SMS Policies. Your continued use of the Messaging Service following the posting of any changes to the SMS Policy constitutes Your full acceptance of those changes.
16.1. Collection of Information
Through Your use of the Messaging Service, we will receive SMS Personal Information through our third-party service provider. “SMS Personal Information” is information that individually identifies you, such as your mobile phone number you provided when signing up for the Messaging Service, any user or screen name that You select in connection with the Messaging Service, any comments or feedback regarding the Messaging Service that You send to us, or any other information that You choose to include in messages You send through the Messaging Service. When You send messages via the Messaging Service, we will also collect Your messaging history and any information included in those messages.
We may also collect Personal Information about You using cookies or similar technologies. Cookies are pieces of information that are stored by Your browser on the hard drive or memory of Your device. Cookies enable personalization of Your experience on the Messaging Service (e.g., sending You personalized text messages such as shopping cart reminders).
If You participate in a contest, sweepstakes, research study, or email survey associated with the Messaging Service, we will collect basic contact information and any other information You choose to provide in connection with these activities. We will also collect Your contact information if You contact us with questions about the Messaging Service or for customer service.
16.2. Use of Information
We use SMS Personal Information to deliver, analyze, maintain and support the Messaging Service. We may also use SMS Personal Information to enhance the Messaging Service features and customize and personalize Your experiences on the Messaging Service.
16.3. Sharing of Information
Weleda will not rent or sell Your SMS Personal Information to other companies or individuals unless we have Your consent. We may use or disclose SMS Personal Information in any of the following limited circumstances:
We have Your consent.
We need to enforce our Terms of Service.
We provide such information to trusted businesses or persons for the sole purpose of processing SMS Personal Information on our behalf or providing the Messaging Service to You. When this is done, it is subject to agreements that oblige those parties to process such information only on our instructions and in compliance with this SMS Policy and appropriate confidentiality and security measures. If the third party fails to comply with our terms, Weleda is not accountable in any way for any liability or reimbursement.
We provide such SMS Personal Information to third parties who have entered into non-disclosure agreements with us.
We provide SMS Personal Information to a company controlled by, or under common control with, Weleda for any purpose permitted by this SMS Policy.
We respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights, or the legal rights of others, or defend against legal claims.
We believe it is necessary to share SMS Personal Information to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Weleda’s Terms of Service, or as otherwise required by law.
We transfer SMS Personal Information about You if Weleda is, or its assets are, acquired by or merged with another company.
From time to time, we may share aggregate or de-identified information about use of the Messaging Service and such aggregated or de-identified information may be shared with any third party, including advertisers, promotional partners, and sponsors.
16.4. Protection of Information
Weleda takes a variety of physical, technical, administrative, and organizational security measures based on the sensitivity of the information we collect to protect your SMS Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. Unfortunately, no online activity can be guaranteed to be 100% secure. You should note that in using the Messaging Service, Your information will travel through third-party infrastructures which are not under our control (such as a third-party provider’s SMS delivery platform or Your carrier network). While we strive to protect Your information against unauthorized use or disclosure, we cannot ensure or warrant the security of any information You provide. By using the Messaging Service, You agree that Weleda is not liable for any unintentional disclosure.
16.5. Children and Intended Audience
The Messaging Service is not intended for children under 13, and Weleda does not knowingly collect information from children under the age of 13.
Children aged 13 or older should not submit any SMS Personal Information without the permission of their parents or guardians. By using the Messaging Service, You are representing that You are at least 18, or that You are at least 13 years old and have Your parents’ permission to use the service.
Weleda requires that users of the Messaging Service be limited to US residents only.
16.6. Retention of Information
We retain Your SMS Personal Information for as long as You participate in the Messaging Service or as needed to comply with applicable legal obligations. We will also retain and use Your SMS Personal Information as necessary to resolve disputes, protect us and our customers, and enforce our agreements.
16.7. Choices and Controls
Consent to receive automated marketing text messages is not a condition of any purchase. You can opt-out of receiving further commercial text messages via the Messaging Service by responding to any of our text messages with any of the following replies: STOP, END, CANCEL, UNSUBSCRIBE, or QUIT.
16.8. Customer Care
If you are experiencing any problems with the Messaging Service, please visit Customer Support and submit the form with details about your problem or your request for support.
17. Personalized Advertising on Facebook
If you consent, we will use the telephone number or email address you provide to display personalized advertising on the Facebook/Meta platforms.
Facebook offers the option of creating target groups via the "Custom Audiences" function. For this purpose, the above-mentioned contact data is uploaded to Facebook. The upload process is encrypted. The data is processed by Facebook in accordance with Facebook's data usage policy. Further information on the display of Facebook ads can be found at https://www.facebook.com/policy.php.
This upload serves the purpose of being able to determine the recipients of our ads on the respective platform in a target group-specific manner. We want to ensure that the ads are only displayed to users who are interested in our information and services.
The target groups can also be used to create similar target groups (“lookalike audiences") based on similar characteristics. These lookalike audiences can be used to send targeted advertising on Facebook to people who have similar characteristics to people in the target groups.
To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions on the settings for usage-based advertising at https://www.facebook.com/settings?tab=ads and object to their use by setting "Not allowed". The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
18. PayPal
Payments via PayPal are processed via the payment service PayPal. All payment data is entered directly into the PayPal system and cannot be read or saved by us. For payment processing, we transmit Your name, Your invoice amount and Your delivery address to PayPal if You have opted for this payment method. Without the transmission of Your personal data, we cannot process a payment via PayPal, but You can choose another payment method. Further information on data processing by PayPal can be found at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full.
19. General Data Protection Regulation (“GDPR”)
If You are considered a data subject as defined by Article 4 section 1 GDPR, You have the following rights regarding the processing of Your personal data according to the GDPR. The legal text for the rights listed below can be found at
According to the conditions of Article 15 GDPR, You have the right to request confirmation of whether Your personal data is being processed, to be given access to the personal data stored concerning You by the controller at any time and free of charge, and to receive a copy thereof.
Right to rectification
According to the conditions of Article 16 GDPR, You have the right to request rectification without undue delay of inaccurate personal data concerning You. Taking into account the purposes of processing, You also have the right to have incomplete personal data completed — including by means of providing a supplementary statement.
Right to erasure
Subject to the conditions of Article 17 GDPR, You have the right to request that personal data concerning You be erased without undue delay, providing one of the grounds stated in Article 17 GDPR applies and processing is not necessary.
Right to restriction of processing
According to the conditions of Article 18 GDPR, You have the right to request the restriction of processing if one of the conditions stated in Article 18 GDPR applies.
Right to data portability
According to the conditions of Article 20 GDPR, You have the right to receive personal data concerning You, and that You have provided to us, in a structured, commonly used and machine-readable format, and You have the right to transmit said data to another controller without hindrance from us, providing the additional conditions in Article 20 GDPR apply.
Right to withdraw consent
You have the right to withdraw consent issued to us to processing personal data at any time with effect for the future. Please address Your withdrawal to the contact details above.
Right to object
According to the conditions of Article 21 GDPR, You have the right to object to the processing of personal data concerning You at any time. If the conditions for an effective objection are fulfilled, we are no longer permitted to process the data.
Right to lodge a complaint with a supervisory authority
Irrespective of any other remedy in terms of administrative or court proceedings, You have the right to lodge a complaint with a supervisory authority, particularly in the member state in which You reside, in which You work or in which the suspected violation took place, if You believe that the processing of personal data concerning You violates the specifications of the GDPR.
20. For California Residents
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If You are a California resident and would like to make such a request, please submit Your request in writing to us using the contact information provided below.
If You are under 18 years of age, reside in California, and have a registered account on the Site, You have the right to request removal of unwanted data that You post on the Site. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with Your account and a statement that You reside in California. We will make sure the data is not publicly displayed on the Site, but please be aware that the data may not be completely or comprehensively removed from our systems.
Additionally, if You are a resident of California, You have certain rights pursuant to California Consumer Privacy Act (“CCPA”) with respect to “personal information” collected by a business. Under the CCPA, “personal information” means any information that identifies, relates to, or could reasonably be linked with You or Your household, but does not include publicly available information. Weleda does not collect “sensitive personal information” as that term is defined in the CCPA.
A California resident has the following enumerated consumer rights under the applicable laws:
Right to know
You have the right to request that a business disclose to You: (1) the categories and/or specific pieces of personal information they have collected about You, (2) the categories of sources for that personal information, (3) the purposes for which the business uses that information, (4) the categories of third parties with whom the business discloses the information, and (5) the categories of information that the business sells or discloses to third parties. You can make a request to know up to twice a year, free of charge. In accordance with applicable law, we are not obligated to provide or delete a consumer’s personal information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.
Right to delete
You have the right to request that businesses delete personal information they collected from You and tell their service providers to do the same, subject to certain exceptions (such as if the business is legally required to keep the information).
Right to opt-out of sale or sharing
You have the right to request that businesses stop selling or sharing Your personal information (“opt-out”). Businesses cannot sell or share Your personal information after they receive Your opt-out request unless You later authorize them to do so again.
Right to correct
You have the right to request businesses to correct inaccurate information that they have about You.
Right to limit use and disclosure of sensitive personal information
You have the right to direct businesses to only use Your sensitive personal information (for example, Your social security number, financial account information, Your precise geolocation data, or Your genetic data) for limited purposes, such as providing You with the services You requested.
Right to non-discrimination
You have the right to not be discriminated against if You exercise Your privacy rights under California law.
Upon receiving Your request to exercise any of these consumer rights, we will need to verify Your identity to determine You are the same person about whom we have the information in our system. These verification efforts require us to ask You to provide information so that we can match it with information You have previously provided us. We will only use personal information provided in Your request to verify Your identity and authority to make the request. To the extent possible, we will avoid requesting additional information from You for the purposes of verification. However, if we cannot verify Your identity from the information already maintained by us, we may request that You provide additional information for the purposes of verifying Your identity and for security or fraud-prevention purposes. We will delete such additional information as son as we finish verifying You.
You may invoke these consumer rights at any time by submitting a request to us specifying the consumer rights You wish to invoke. The request should be sent via e-mail at [email protected], by calling toll-free at 800.241.1030, by visiting https://www.weleda.com/contact, or to the contact information provided in Section 24.
21. For Virginia Residents
If You are a resident of Virginia, You have certain rights pursuant to the Virginia Consumer Data Protection Act (“VCDPA”) with respect to “personal data” collected by a business. Under the VCDPA, “personal data” means any information that is linked or reasonably linkable to a Virginia resident, but does not include publicly available information. Weleda does not collect “sensitive data” as that term is defined in the VCDPA. The entire VCDPA can be read here: https://law.lis.virginia.gov/vacodefull/title59.1/chapter53/
Pursuant to the VCDPA, a Virginia resident has the following enumerated consumer rights:
Right to confirmation and access
You have the right to request confirmation of whether Your personal data is being processed, to be given access to the personal data stored concerning You by the controller.
Right to rectification
You have the right to request rectification of inaccurate personal data concerning You, taking into account the nature of the personal data and the purposes of processing of the personal data.
Right to erasure
You have the right to request that personal data provided by or obtained about You be deleted.
Right to data portability
You have the right to receive personal data that you previously provided to us, in a portable and, to the extent technically feasible, readily usable format that allows You to transmit said data to another controller without hindrance from us, where the processing is carried out by automated means.
Right to opt out
You have the right to opt out of the processing of the personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning You.
You may invoke the consumer rights authorized pursuant to the VCDPA at any time by submitting a request to us specifying the consumer rights You wish to invoke. The request should be sent to the contact information provided in Section 24. A known child's parent or legal guardian may invoke such consumer rights on behalf of the child regarding processing personal data belonging to the known child. We may request that You provide additional information reasonably necessary to verify You and Your request.
Upon receiving Your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended for an additional forty-five (45) days when reasonably necessary. We will inform You of any such extension within the initial 45-day response period, together with the reason for the extension. Information provided in response to a consumer request shall be provided free of charge, up to twice annually per consumer.
If we decline to take action regarding Your request, we will inform You of our decision and the reasoning behind it. If You wish to appeal, please email us at the contact information provided in Section 24. Within sixty (60) days of receipt of an appeal, we will inform You in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If Your appeal is denied, You may contact the Attorney General to submit a complaint. The Attorney General can be contacted at: https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint
22. Passing on Your Personal Data
Your personal data is passed on as follows.
The website is hosted by an external service provider in Germany. This is required for the operation of the website and for the justification, performance and implementation of the existing usage agreement and may also occur without Your consent.
Data is then also passed on if we are entitled or obliged to pass on data as a result of legal provisions and/or by order of authorities or courts. This may include, in particular, disclosure for the purposes of criminal prosecution, emergency response or to implement intellectual property rights.
If Your data is passed on to the service provider to the necessary extent, they shall only have access to Your personal data to the extent required to fulfil their duties. These service providers are obliged to handle Your personal data in line with the applicable data protection laws.
Apart from the circumstances mentioned above, we shall not transmit Your data to third parties without Your consent. In particular, we shall not pass on any personal data to an entity in a third country or an international organization.
23. Storage period for personal data
With regard to the storage period, we erase personal data as soon as its storage is no longer required to fulfil the original purpose and all statutory retention periods have ceased to apply. The statutory retention periods are the ultimate criterion for the definitive duration of storage of personal data. Once the period has expired, the relevant data is erased on a routine basis. If retention periods apply, processing is restricted by blocking the data.
24. Note on provision of personal data by the data subject
We would like to take this opportunity to inform You that the provision of personal data is legally required under certain circumstances (e.g. payment details to pay for billable services) or may arise from contractual arrangements. In order to take full advantage of the Services offered on the Site, You must conclude a relevant usage agreement with us (general terms of use) through registration. In order for this agreement to be performed, You must provide us with certain personal data (e.g. username, email address) which we process as part of the performance of this agreement. If You do not communicate (provide) this personal data to us, this would make it impossible to conclude the agreement with You or, if only some is provided, our services could not be provided in full.
25. Referrals and links
When accessing web pages referred to by our Site, You may be asked to re-enter details such as Your name, address, email address, browser properties etc. This data protection policy does not govern the collection, disclosure or handling of personal data by third parties.
Third-party providers may have their own different provisions with regard to collecting, processing and using personal data. When visiting third-party web pages, we therefore advise that You find out about their practice for handling personal data before entering personal data.
26. Changes to the data protection policy
We are constantly developing our Site in order to be able to provide You with an improving service. We will keep this Privacy Policy up to date at all times and adapt it if and when necessary.
We shall of course inform You in good time of any changes to this Privacy Policy. We may do this, for example, by sending an email to the email address You provided. Should You be required to give additional consent to our handling of Your data, we shall of course obtain this from You before any such changes take effect.
You can access the latest version of our Privacy Policy online at any time at https://www.weleda.com/footer/legal/privacy-policy.
27. Data protection
If you have any queries concerning our Privacy Policy, please contact us.
