Customer Privacy Notice
In this customer privacy notice, we provide comprehensive information about how we handle personal data and inform you about your rights.
1. Name and contact details of the responsible entity for data processing and of the data protection officer
This data privacy information applies to data processing by:
Responsible entity:
LaVita GmbH (hereinafter referred to as LaVita)
Ziegelfeldstraße 10, 84036 Kumhausen, Germany
Email: info@lavita.com
Telephone: +49 871/972 170
Fax: +49 871/972 1717
The data protection officer of LaVita can be reached at the above address, attn: Data Protection Department, or at datenschutz@lavita.de.
2. Collection and storage of personal data, as well as the nature and purpose of its use
a) When visiting the website
When you visit our website www.lavita.com the browser on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without any action on your part and stored until it is automatically deleted:
The above-mentioned data will be processed by us for the following purposes:
The legal basis for the processing of data is Article 6(1)(1)(f) of the GDPR. Our legitimate interest is based on the purposes for data collection listed above. We do not use the collected data to identify you personally.
In addition, we use cookies and analytics services when you visit our website. For more details see Sections 4 and 5 of this data protection declaration.
b) When you place an order in our online shop as a guest
When you order products from our website as a guest, we collect the following information:
This data is collected for the following purposes:
The data processing is carried out following your query and is necessary according to Article 6(1)(1)(b) of the GDPR for the purposes mentioned for the fulfilment of the contract and pre-contractual measures.
To ensure the smooth and easy processing of your order and for faster processing of queries, you may also provide additional information:
The provision of this data is voluntary.
The personal data collected by us for the order will be stored until the expiry of the statutory warranty obligation and will then be automatically deleted unless, according to Article 6(1)(1)(c) of the GDPR, we are obliged to store it for a longer period due to tax and commercial law storage and documentation obligations (as per HGB (German Commercial Code), StGB (German Criminal Code) or AO (German Tax Code) or you have consented to storage beyond this period in accordance with Article 6(1)(1)(a) of the GDPR.
c) When you set up a user account
You have the option to set up a password-protected user account with us, in which we store your personal data. This serves the purpose of providing you with the greatest possible convenience in processing your orders by enabling a simpler, faster and more personalised purchasing experience.
If you wish to set up a password-protected user account with us, we require the following information from you:
To create a user account, you must provide a password of your own choice. Along with your email address, the password gives you access your user account. In your user account, you can view and change the data stored about you at any time.
We only store your personal data in a user account if you have voluntarily given us your consent according to Article 6(1)(1)(a) of the GDPR.
You do not need a user account to use our website or to place orders with us. We offer you the option to place an order as a guest (see Section 2. b). However, in this case you will have to re-enter your data every time you place an order.
Once your user account is deleted, the data collected by us will be automatically deleted unless, according to Article 6(1)(1)(c) of the GDPR, we are obliged to store it for a longer period due to tax and commercial law storage and documentation obligations (as per HGB (German Commercial Code), StGB (German Criminal Code) or AO (German Tax Code) or you have consented to storage beyond this period in accordance with Article 6(1)(1)(a) of the GDPR.
d) When you sign up for our newsletter
Provided you gave your express consent in accordance with Article 6(1)(1)(a) of the GDPR, we use your email address to regularly send you our newsletter. To receive the newsletter, all you need to do is provide your email address in the newsletter form
In certain circumstances we may also use your email address to send you information about similar products from our company, provided you are an existing customer and have not objected to the use of your email address for this purpose.
In both cases you can unsubscribe at any time, for example, by clicking the link at the end of the newsletter. Alternatively, you are welcome to email your request to unsubscribe at any time via info@lavita.com.
If we send you email newsletters, these newsletters contain elements that respond to the reading or confirmation of links within the newsletter and are associated with an individual technical identifier. We use this information for the statistical evaluation of feedback obtained from the use of the newsletter in order to improve the newsletter service for you. We use the services of Bloomreach/Exponea for newsletter campaign automation (cf. 5. a) V.).
e) When using our contact form
If you have any questions, you can contact us by using the contact form provided on the website. You will need to provide us with a valid email address so that we know who is asking the question and to allow us to reply. Additional information can be provided voluntarily.
Data processing for the purpose of establishing contact with us is based on Article 6(1)(1)(a) of the GDPR on the basis of your voluntarily granted consent.
The personal data we collect when you use the contact form is automatically deleted once we have dealt with your inquiry.
f) When submitting an application via the online form
You can use the online application form to send us an unsolicited application. As part of the application process, the following personal data will be collected from you and stored:
You also have the option to voluntarily provide us with your phone number and a text for further information.
The data processing is carried out on your request and only to the extent that it is necessary for responding to the application and establishing the employment relationship in accordance with Article 88(1) of the GDPR in conjunction with Section 26(1) of the BDSG (data protection act), or to protect our legitimate interests in accordance with Article 6(1)(1)(f) of the GDPR.
The data is processed for the purpose of applying for employment. Personal data is regularly deleted 6 months after the application process has ended, unless you have consented to longer storage in accordance with Article 6(1)(1)(a) of the GDPR.
3. Data transfer
Your data is not passed on to third parties for any purposes other than those listed below.
a) For contract execution
In as far this is legally permissible and required in accordance with Article 6(1)(1)(b) of the GDPR for the processing of contractual relationships, your personal data is passed on to third parties. This includes, in particular, the transfer to shipping companies for the purpose of delivering the goods you ordered and the transfer of payment data to payment service providers or banks to facilitate the payment transaction. The data shared with third parties may only be used by these for the specified purposes.
b) For billing purposes
Based on our legitimate interests pursuant to Article 6(1)(1)(f) of the GDPR we may also transfer your data to our partners. The transfer of your data to our partners is necessary for general billing purposes. This economic interest is to be regarded as a legitimate interest within the meaning of Article 6(1)(1)(f) of the GDPR.
c) For other purposes
In addition to the above, we only transfer your personal data to third parties in the following cases:
4. Cookies
We use cookies on our website. These are small files automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause damage to your device, they do not contain viruses, Trojans or other malware.
The cookie stores information related to the specific device you use. However, this does not mean that we can directly infer your identity from this.
The use of cookies allows us to make the use of our services more enjoyable for you. We use so-called session cookies to keep track of the individual pages you have already visited on our website, whether already logged into your user account or to display the shopping cart. These cookies are automatically deleted once you leave our website.
We also use temporary cookies that are stored on your device for a specified period of time to improve user-friendliness. When you visit our website again to use our services, it is automatically recognised that you have already visited our website and what entries and settings you have made so that you do not have to enter them again.
Furthermore, we use cookies to statistically analyse the use of our website and to evaluate it for you for the purpose of optimising our services (see Section 5). These cookies allow us to automatically know, when you return to our website, that you have already visited us. They are automatically deleted after a specified period of time.
The data processed by cookies is required for the aforementioned purposes in order to protect our legitimate interests and those of third parties in accordance with Article 6(1)(1)(f) of the GDPR. Most browsers automatically accept cookies. However, you can configure your browser such that no cookies are stored on your computer or a message appears before a new cookie is created. Completely disabling cookies, however, may mean that you cannot use all of the features of our website.
You can manage your cookie settings in the footer.
5. Analysis tools
a) Tracking tools
The tracking measures listed below and used by us are carried out based on Article 6(1)(1)(f) of the GDPR. With these tracking measures we want to ensure that our website is designed to meet requirements and is continually improved. Furthermore, we use the tracking measures to statistically analyse the use of our website and to evaluate it for you for the purpose of optimising our services. These interests are deemed legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the relevant tracking tools.
I.) Google Analytics
We use Google Analytics, a web analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as 'Google') to design our web pages in line with needs and to continuously improve them. In this context, pseudonymised user profiles are created and cookies (see Section 4) are used. The information generated by the cookie about your use of this website, such as
is transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and the needs-based design of these internet pages. This information may be passed on to third parties insofar as the law requires this or if third parties process the data on another party’s behalf. Under no circumstances will your IP address be associated with other data stored by Google. The IP addresses are anonymised, which means that it is not possible to identify specific individuals (IP masking).
You can prevent the installation of the cookies by selecting the appropriate settings in your browser; please note, however, that in this case it is possible that you will not be able to use all the features of this website.
You can additionally prevent the collection of data generated by the cookie and associated with your use of the website (including your IP address), its transmission to and its processing by Google by downloading and installing a browser add-on.
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on this link. This sets an opt-out cookie, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid for this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you have to set the opt-out cookie again.
For more information on data protection in connection with Google Analytics, please consult the Google Analytics help centre.
II.) Google AdWords Conversion Tracking
To statistically capture the use of our website and to evaluate it for the purpose of optimising our offer for you, we also use Google Conversion Tracking. Google AdWords then sets a cookie (see Section 4) on your computer if you have accessed our website via a Google ad.
These cookies expire after 30 days and do not personally identify a user. If the user visits certain pages of the website of the AdWords customer and the cookie has not yet expired, then Google and the customer can see that the user clicked on the ad and was redirected to this page.
Every AdWords customers receives a different cookie. This means that cookies cannot be tracked through the websites of other AdWords customers. The information collected by conversion cookies only serves to generate conversion statistics for AdWords customers who have decided to use conversion tracking. Customers find out the total number of users who have clicked on their ads and who have been redirected to a page with a conversion tracking tag. They do not, however, receive any information that could be used to identify users personally.
If you do not wish to participate in the tracking process, you can also refuse the setting of a cookie required for this – for example, by a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain 'www.googleadservices.com'. You can find Google's data protection information about conversion tracking here.
III.) Google Tag Manager
Google Tag Manager is a solution that allows us to manage so-called website tags through an interface (thereby integrating Google Analytics and other Google marketing services into our online offer). The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users' personal data, please see the information about Google services below. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
IV.) Bing Ads
We use Bing Universal Event Tracking (UET) from Microsoft Bing Ads. This is a service provided by the Microsoft Corporation ('Microsoft'). It allows us to track the activity of users on our website when they come to our website via ads from Bing Ads.
If you come to our website via a Bing Ads ad, a cookie (see Section 4) is set on your computer. A Bing UET tag is integrated on our website. The Bing UET tag is a code through which, in connection with the cookie, some non-personal data about the use of the website is stored. This includes the length of time spent on the website, which areas of the website were visited, and which ad the users used to reach the website. Information about your identity is not collected.
This information is transferred to Microsoft servers in the USA and stored there for no more than 180 days.
For more information about Bing's analytics services, please visit the Bing website.
You can find more information about data protection at Microsoft in the data protection regulations of Microsoft.
V.) Bloomreach/Eponea
For interest-based marketing purposes, retargeting, the optimisation of our web offerings, the analysis of your surfing behaviour and for marketing campaign automation, this website uses the services of Exponea DE GmbH, Kemperplatz 1, Mitte D, 10785 Berlin.
Exponea uses the following cookies to collect information about the use of our website: https://docs.exponea.com/docs/cookies-storage.
The data collected by the cookies contain the following information: IP address, login information, time zone setting, operating system and platform, information about visits including URL, search terms, information about what you searched for or viewed on our site, website response time, download errors, duration of visits to specific pages, information about website interaction (such as scrolling, clicks and mouse-overs) and how pages were exited, user activity, web page browsing.
Exponea processes additional data (your last name, first name, gender, email address) only if you have subscribed to our email newsletter. In this case we create a user profile with the collected data in order to provide you with a newsletter that is tailored to your interests.
The legal basis for the processing of data by Exponea is Article 6(1)(1)(f) of the GDPR. We enable you to manage your participation in data collection. Click here for a full opt-out from data collection by https://www-dev.lavita.com/opt-out-exponea/
For more information about Exponea's services, go to https://exponea.com/de/capabilities/.
For more information about data protection at Exponea, go to https://exponea.com/de/privacy-policy/.
VI.) OpenReplay
OpenReplay is an open source session replay software that we use to analyse how users use our platform. OpenReplay provides us with records that enable us to track activities on the platform in the event of a problem (bugs), which in turn allows us to fix them. OpenReplay is configured in such a way that all entered data is anonymised and obscured for recording. This process of anonymisation means that only the course of action of the user and the occurrence of bugs are recorded and documented. Any personal data will be automatically anonymised and obscured. Furthermore, OpenReplay does not store any personal data.
VII.) Piwik PRO
We use Piwik PRO on our website, a software to carry out web analyses. The service provider is the German company Piwik PRO GmbH, Kurfürstendamm 21, 10719 Berlin, Germany. You can find out more about the data processed through the use of Piwik PRO in the privacy policy at https://piwikpro.de/datenschutz/.
VIII.) Matomo
We use the web analysis tool "Matomo" on our website. Matomo creates user profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognize and count returning visitors. Data processing takes place on the basis of your consent in accordance with Section 25 (1) TTDSG, Art. 6 (1) (a) GDPR, provided that you have given your consent via our banner. You can withdraw your consent at any time. Please make the appropriate settings via our cookie banner. Further information on Matomo's terms of use and data protection regulations can be found at: https://matomo.org/privacy/
b) Targeting and remarketing tools
The targeting measures listed below and used by us are carried out based on Article 6(1)(1)(f) of the GDPR. We use targeting measures to ensure that only advertisements aligned with your actual or assumed interests are displayed on your devices. These interests are deemed legitimate within the meaning of the aforementioned provision.
We also use remarketing on our website. This is a method through which we aim to re-engage with you. Through this application, after visiting our website, our advertisements can be displayed to you during your internet use after visiting our website This is done by means of cookies stored in your browser, which are used to record and analyse your usage behaviour when visiting various websites via tracking partners. This allows tracking partners to know that you have visited our website. The data collected during remarketing is not combined with your personal data stored by the tracking partners. In particular, tracking partners use pseudonymisation in their remarketing.
The respective data processing purposes and data categories can be found in the relevant targeting tools.
I.) Google Adwords Remarketing
We use Google remarketing tags. This is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as “Google”). Google uses cookies (see Section 4), which are stored on your computer and allow your use of the website to be analysed. The information about how you use this website that is generated by a cookie (including your IP address) is transmitted to a server of Google in the US and stored there. Google then truncates the last three digits of the IP address, making it impossible to uniquely associate the IP address. Google complies with the data protection provisions of the US Safe Harbor agreement and is registered with the Safe Harbor programme of the US Department of Commerce. Google will use this information to analyse how you use the website, to generate reports about website activities for the website operator and to provide further services associated with the use of the website and of the Internet.
Google may also pass on this information to third parties insofar as required by law or if third parties process the data on Google's behalf. Third parties, including Google, place ads on websites on the internet. Third parties, including Google, use stored cookies to serve ads based on a user's previous visits to this website. Under no circumstance will Google associate your IP address with other data stored by Google. The collection and storage of data can be objected to at any time with effect for the future. You can disable Google's use of cookies by visiting the Google advertising opt-out page.
We would like to point out, however, that you may not be able all to use all features of this website in that case. By using this website you agree to the processing of the data collected about you by Google in the manner and for the purpose outlined above. You can find more information about Google's policies here.
II.) Facebook Retargeting / Remarketing
Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA ('Facebook') are integrated on our web pages. When you visit our website, a direct connection between your browser and the Facebook server is established by means of the remarketing tags. This enables Facebook to receive the information that you have visited our website from your IP address. This allows Facebook to associate the visit to our website with your user account. We can use the information obtained in this way to display Facebook ads.
We must point out that, as operators of this website, we have no knowledge of the content of the data transmitted to Facebook and how Facebook uses this data.
You can find more information in the data protection declaration of Facebook.
III.) Facebook Custom Audiences
We also use Facebook's Custom Audiences feature. This is a marketing service of Facebook. This allows us to show tailored and interest-based advertising on Facebook to certain groups of pseudonymised visitors to our website who also use Facebook. A Facebook Custom Audience pixel is integrated on our website. This involves a JavaScript code, through which non-personal data about the use of the website is stored. This includes your IP address, the browser you are using and
source and target page. This information is transferred to Facebook servers in the USA. There, it is automatically checked whether you have saved a Facebook cookie. The Facebook cookie is used to automatically determine whether you are part of the target group that is relevant for us. If you are, you will be shown relevant ads from us on Facebook. During this process you are not personally identified by either us or Facebook through data comparison.
You can object to the use of the Custom Audiences service using this link.
For more information about data privacy at Facebook, see the data privacy policy of Facebook.
IV.) TikTok
We use the TikTok pixel on our website. The TikTok pixel is a TikTok advertiser tool provided by TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, and TikTok Information Technologies UK Limited, WeWork, 125 Kingsway, London, WC2B 6NH, United Kingdom (collectively 'TikTok').
The TikTok pixel is a JavaScript code snippet that allows us to understand and track visitors' activity on our website. The TikTok pixel collects and processes information about the users of our website or the devices they use. The data collected through the TikTok pixel is used for targeting our ads and improving ad delivery and for personalised advertising. The data collected on our website by means of the TikTok pixel is transmitted to TikTok for this purpose. Some of this data is information stored on the device you are using. Cookies are also used via the TikTok pixel; these are used to store information on the device you are using. Storage of information by the TikTok pixel or access to information already stored on your device only happens with your consent.
For more information on how TikTok processes personal data, including the legal basis TikTok relies on and the ways to exercise your rights against TikTok, please refer to TikTok's privacy policy at https://www.tiktok.com/legal/privacy-policy?lang=de-DE.
6. Social media plug-ins
On our website, based on Article 6(1)(1)(f) of the GDPR, we use social plug-ins of the social networks Facebook, Twitter and Instagram to raise awareness of our company that way. The underlying advertising purpose is deemed a legitimate interest within the meaning of the GDPR. The responsibility for operation in compliance with data protection regulations lies with the respective provider. The integration of these plug-ins is based on the so-called two-click process in order to protect visitors to our website as much as possible.
a) Facebook
On our platform we use social-media plug-ins of Facebook to make its use more personalised. To do this, we use the 'LIKE' or 'SHARE' button. This is a service by Facebook.
If you access a page on our website that contains such a plug-in, your browser establishes a direct connection with the servers of Facebook. The content of the plug-in is directly transmitted to your browser by Facebook and the browser integrates it into the website.
The integration of the plug-in means that Facebook receives the information that your browser has accessed the relevant page on our website even if you do not have a Facebook account or are not currently logged into Facebook. This information (including your IP address) is directly transmitted by your browser to a Facebook server in the USA and stored there.
If you are logged into Facebook, Facebook is able to directly associate the visit to our website with your Facebook account. If you interact with the plug-ins, such as by using the 'LIKE' or 'SHARE' button, the relevant information is also transmitted directly to a Facebook server and stored there. In addition, the information is posted on Facebook and can be seen by your Facebook friends.
Facebook can use this information for the purposes of advertising, market research and the needs-based design of Facebook pages. To do this, Facebook creates usage, interest and relationship profiles to evaluate your use of our website with regard to the adverts shown to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services related to Facebook use.
If you do not want Facebook to associate the data collected via our website with your Facebook account, then you must log out of Facebook before visiting our website.
Please see the Facebook data protection policy for information on the purpose and scope of data collection and its further processing and use of data by Facebook, as well as your applicable rights and settings options for protecting your privacy.
b) Instagram
Our website also uses so-called social plug-ins ('plug-ins') from Instagram, which is operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA ('Instagram').
These plug-ins are marked with an Instagram logo, for example the 'Instagram camera'.
If you access a page on our website that contains such a plug-in, your browser establishes a direct connection with the servers of Instagram. The content of the plug-in is directly transmitted to your browser by Instagram and the browser integrates it into the website. The integration of the plug-in means that Instagram receives the information that your browser has accessed the relevant page on our website even if you do not have an Instagram account or are not currently logged into Instagram.
This information (including your IP address) is directly transmitted by your browser to an Instagram server in the USA and stored there. If you are logged into Instagram, Instagram is able to directly associate the visit to our website with your Instagram account. If you interact with the plug-ins, such as by using the 'Instagram' button, this information is also transmitted directly to an Instagram server and stored there.
The information will also be published on your Instagram account and shown to your contacts there.
If you do not wish Instagram to associate the data collected via our website with your Instagram account, then you must log out of Instagram before visiting our website.
For more information, see the data protection declaration of Instagram.
7. Trusted Shops
On our website and for orders in our online shop, we use the buyer protection system of Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Cologne, ('Trusted Shops'), to enable customers to purchase our products securely in the online shop.
When placing orders in our online shop you have the option to use the buyer protection of Trusted Shops and also to leave a review in the Trusted Shops review system. This is done voluntarily.
If you have given us your consent during or after your order in accordance with Article 6(1)(1)(a) of the GDPR by activating the corresponding checkbox or clicking a button provided for this purpose ('Review later'), we will forward your email address to Trusted Shops for the processing of your orders in our online shop.
This consent can be revoked at any time by sending a message to the contact option below or directly to Trusted Shops.
For more information, see the data protection declaration of Trusted Shops.
8. Data subject rights
You have the right:
9. Right of objection
If your personal data is processed based on legitimate interests in accordance with Article 6(1)(1)(1)(f) of the GDPR, you have the right, in accordance with Article 21 of the GDPR, to object to the processing of your personal data, provided there are reasons that arise from your special situation or the objection is directed against direct advertising. In the latter case you have a general right of objection that we implement without you having to provide information about a special situation. If you would like to exercise your right of revocation or right of objection, all you need to do is send an email to info@lavita.com.
10. Data security
When you place an order we use the standard SSL method (Secure Socket Layer) in conjunction with the highest encryption setting supported by your browser in each case. As a rule, this is 256-bit encryption technology. If your browser does not support 256-bit technology, we use 128-bit v3 encryption instead. The closed key or lock icon in the lower task bar of your browser indicates whether the specific website page is transmitted in an encrypted form.
Moreover, we also use suitable technical and organisational security measures to protect your data from accidental or deliberate manipulation, partial or complete loss, destruction and from unauthorised access by third parties. Our security measures are revised continuously in line with technological development.
11. Updating and making changes to this data protection declaration
This data protection declaration is currently valid and was last updated in February 2023. Because of the development of our website and its offerings or because of changed legal or regulatory requirements, it may become necessary to change this data protection declaration.
You can access and print out the most recent version of the data protection declaration at any time on our website at https://www-dev.lavita.com/privacy.