Privacy Policy

The controller responsible for data processing is:

EcomGalaxy Limited Unit 2a, 17/F, Glenealy Tower No. 1 Glenealy, Central Hong Kong

Represented by Managing Director
Sarah Jane Marquez
Commercial Register: Hong Kong Companies Registry
Registration Number (BRN): 75581522-000-08-23-6
Phone: +49 1714933303
E-Mail: info@naturvibes.de

We are pleased about your interest in our online shop. The protection of your privacy is very important to us. Below we provide you with detailed information on how we handle your data.

  1. Access Data and Hosting

You can visit our websites without providing any personal information. Each time a website is accessed, the web server automatically stores a so-called server log file, which contains, for example, the name of the requested file, your IP address, date and time of the request, data volume transferred and the requesting provider (access data), and documents the retrieval.

This access data is evaluated exclusively for the purpose of ensuring smooth operation of the site and improving our offering. This serves, pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, to protect our legitimate interests in the correct presentation of our offering, which prevail in the context of a balancing of interests. All access data is deleted no later than seven days after the end of your visit to the site.

  1. Data Collection and Use for Contract Processing, Contact and Opening a Customer Account

We collect personal data when you voluntarily provide it to us as part of your order or when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such, as we require this data in these cases to process the contract or handle your enquiry, and without it you cannot submit the order or contact request. The data collected can be seen from the respective input forms. We use the data you provide pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR for contract processing and handling your requests. Where you have given your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR by choosing to open a customer account, we use your data for the purpose of opening the customer account. After complete processing of the contract or deletion of your customer account, your data will be restricted from further processing and deleted after expiry of the retention periods required under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this in a manner permitted by law and about which we inform you in this statement. Deletion of your customer account is possible at any time and can be carried out either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.

  1. Data Transfer

For the fulfilment of the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we pass your data on to the shipping company commissioned with the delivery, to the extent necessary for the delivery of ordered goods. Depending on which payment service provider you select during the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us, or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves, provided you have set up an account with them. In this case, you must log in with your access data to the payment service provider during the ordering process. In this regard, the privacy policy of the respective payment service provider applies.

We use a shipping service provider whose registered office is in a country outside the European Union. The transfer of personal data to this company takes place only to the extent necessary for the fulfilment of the contract.

The same applies to the transfer of data to our manufacturers or wholesalers in cases where they handle shipping on our behalf (drop shipping).

  1. E-Mail Newsletter

E-mail advertising with newsletter registration If you sign up for our newsletter, we use the data required for this purpose or separately provided by you to regularly send you our e-mail newsletter based on your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.

You can unsubscribe from the newsletter at any time, either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address from the recipient list, unless you have expressly consented to further use of your data or we reserve the right to use your data beyond this in a manner permitted by law and about which we inform you in this statement.

  1. Social Media

Our online presence on Facebook, Instagram

Our presence on social networks and platforms serves to improve active communication with our customers and interested parties. We provide information there about our products and ongoing special offers. When you visit our online presences on social media, your data may be automatically collected and stored for market research and advertising purposes. So-called usage profiles are created from this data using pseudonyms. These can be used, for example, to place advertisements inside and outside the platforms that presumably correspond to your interests. For this purpose, cookies are generally placed on your device. Visitor behaviour and the interests of users are stored in these cookies. This serves, pursuant to Art. 6 para. 1 lit. f GDPR, to protect our legitimate interests in an optimised presentation of our offering and effective communication with customers and interested parties, which prevail in the context of a balancing of interests. If you are asked by the respective social media platform operators for consent to data processing, e.g. by means of a checkbox, the legal basis for data processing is Art. 6 para. 1 lit. a GDPR. Where the aforementioned social media platforms are headquartered in the USA, the following applies: Data transfer is carried out either on the basis of the EU-US Data Privacy Framework (adequacy decision of the European Commission of 10 July 2023) or — for providers without DPF certification — on the basis of the Standard Contractual Clauses issued by the EU Commission (Implementing Decision (EU) 2021/914). A current DPF certificate of the respective provider can be viewed at https://www.dataprivacyframework.gov/list.

Historical note: The EU-US Privacy Shield, declared invalid by the European Court of Justice in its ruling of 16 July 2020 (Case C-311/18 "Schrems II"), has been superseded by the DPF successor decision (2023-07-10).

Facebook: https://www.facebook.com/about/privacy/ Data processing is carried out on the basis of an agreement between joint controllers pursuant to Art. 26 GDPR, which you can view here. Further information on data processing in the context of visiting a Facebook fan page (information on Insights data) can be found here.

Instagram: https://help.instagram.com/519522125107875

Google: https://business.safety.google/intl/de/privacy/

Opt-Out Options:

Facebook: https://www.facebook.com/settings?tab=ads

Instagram: https://help.instagram.com/519522125107875

  1. Contact Options and Your Rights

As a data subject, you have the following rights:

Pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein; Pursuant to Art. 16 GDPR, the right to immediately request the correction of inaccurate or completion of your personal data stored by us; Pursuant to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is required: to exercise the right to freedom of expression and information; to fulfil a legal obligation; for reasons of public interest; or for the establishment, exercise or defence of legal claims; Pursuant to Art. 18 GDPR, the right to request the restriction of processing of your personal data where: the accuracy of the data is contested by you; the processing is unlawful but you oppose its deletion; we no longer need the data but you require it for the establishment, exercise or defence of legal claims; or you have objected to processing pursuant to Art. 21 GDPR; Pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format, or to request its transmission to another controller; Pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company's registered office for this purpose.

For questions regarding the collection, processing or use of your personal data, for information, correction, restriction or deletion of data, as well as withdrawal of given consents or objection to a specific use of data, please contact us directly using the contact details in our legal notice.

Right to Object To the extent that we process personal data as described above to protect our legitimate interests that prevail in the context of a balancing of interests, you may object to this processing with effect for the future. If processing is carried out for direct marketing purposes, you may exercise this right at any time as described above. Where processing is carried out for other purposes, you only have a right to object if there are reasons arising from your particular situation.

After exercising your right to object, we will no longer process your personal data for these purposes, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or where processing serves the establishment, exercise or defence of legal claims.

This does not apply where processing is carried out for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.