NovaSOL® ADEK VITAMINS

REGISTERED OFFICE

Register court: Darmstadt
Register number: HRB 85335

VAT-NO.

Value added tax identification number according to §27 a VAT law:
DE 173034404

Responsible for the content according to § 55 Abs. 2 RStV:
Dipl.-Kfm. Frank Behnam
Birkenweg 8-10
64295 Darmstadt/Germany

Webdesign & Coding: KraenkVisuell

DATA PROTECTION DECLARATION

Data Protection is very important for AQUANOVA AG. We handle your personal data confidentially and corresponding to the legal data protection regulations.With the following information, we are giving you a simple overview of what happens with your personal data when you visit our website.

1. GENERAL INFORMATION

Personal data is all data which refers to an identified or identifiable natural person.Processing is every process or every operation sequence in connection with personal data, mainly data recording, data organisation, storage and the destruction of data.You can derive details from Art. 4 No. 1 and 2 GDPR.

With this data protection declaration, we fulfil our obligations towards you as per Art. 12 - Art. 14 GDPR.The text of GDPR is accessible at the following web address: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML...

2. ENCODING OF OUR WEBSITE

This page uses a SSL coding for protection of transferred contents such as e.g. questions in the contact form.But we would like to point out that the data transfer in the internet is always associated with security risks.An absolute protection of your data from access by a third party is not possible.

3. CONTROLLER

The so-called “controller” fulfils several data protection obligations. A natural or legal person is meant here, who decides alone or together with others the purposes and means of processing of personal data (e.g. names, E-mail addresses without change). The responsible authority for data processing on this website is:

AQUANOVA AG
Represented by the Board, Mr Frank Behnam
Birkenweg 8-10
64295 Darmstadt/Germany
Fon: +49 6151 6 69 69-0
Fax: +49 6151 6 69 69-29
E-mail: info@aquanova.de
Internet: www.aquanova.de

4. WEB HOSTING

Our page is hosted by the company Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen.All data which is recorded during the visit to our website and which we have stored is available therefore on the servers of Hetzner Online GmbH or on the servers of their contractually bound partner enterprises.The servers of the Hetzner Online GmbH are in Germany. Hetzner Online GmbH, as controllers, proceed with the user data collected there strictly as per the instruction of AQUANOVA AG.We specify the purpose and means of processing in terms of Art. 28 GDPR.

5. PROCESSING FOR TRANSMISSION OF THE WEBSITE

5.1 RRECORDING OF DATA IN THE SYSTEM

When accessing our website, our system automatically records the information over the computer system, which is transmitted by your browser and stores it temporarily.These include:

• Name of the website retrieved
• Path
• Date and time of retrieval
• Data volume transmitted, notification on successful retrieval
• Browser type and version
• The operating system of the user, reference URL (the previously visited page),
• IP-address and (it is anonymised after 7 days)
• the requesting provider

This data is only used to transmit the content to your browser. This data is not merged with other data sources. The data is also not stored in log files.

5.2 LEGAL BASIS FOR THE PROCESSING

Art. 6 Para. 1 S. 1 letter f) GDPR is the legal basis for the recording of the data.

5.3 PURPOSE OF THE PROCESSING

The recording of the mentioned information by the system is necessary to enable a delivery of website to the user’s computer.For this purpose, the IP address of the user must remain saved for the duration of the session.Our justified interest in the data processing as per Art. 6 Para 1 S. 1 letter f) GDPR also lies in these purposes.

5.4 THE STORAGE DURATION OF THE DATA IN THE SYSTEM AND THE LOG-FILES

Data is not stored. The recording ends as soon as the respective session is ended.

5.5 OPTION OF OBJECTION AND ELIMINATION

The recording of data for the provision of the website and storage of the data in log files is mandatory for the operation of the website.Therefore, the user has no option of objection.

6. COOKIES

6.1 DESCRIPTION AND SCOPE OF DATA PROCESSING

Our website use cookie.Cookies are small text files, which are deposited on your computer and which your browser stores.They contain a characteristic character sequence, which enables a clear identification of the browser at the time of renewed access of the website.

We use technically necessary cookies to make our website more user-friendly. On the one hand, an "XSRF" cookie is set, which in particular prevents JavaScript from being executed on the website from other domains or Ajax requests from being sent to the system. In addition, we set a session cookie which serves to recognize the browser during a continuous browser session. Our site does not set tracking cookies.

6.2 LEGAL BASIS FOR THE PROCESSING

Art. 6 Para. 1 S. 1 letter f) GDPR is the legal basis for the processing of personal data with the use of cookies.

6.3 PURPOSES OF THE DATA PROCESSING

Technically necessary cookies

Simplifying the use of our website is the purpose of technically necessary cookies.We could not have offered some functions of our website without cookies.For these functions, your browser must be recognised even after a page change.

The cookies are used so that the web server holds the connection to the browser of the website visitor and it can be established again e.g. in case of a crash.We will not create any user profile with the user data collected by the technically necessary cookies.

Cookies that are not technically necessary

The use of unnecessary cookies takes place for the purpose of analysis of the user behaviour and also for improving the quality and contents of the website.We can identify how frequently particular pages are visited whereupon no user related data is stored.We can optimise the website offer using the knowledge of how the user uses our website.

Our justified interest in the processing of personal data by technically necessary and not necessary cookies also lies in these purposes, as per Art. 6 Para 1 S. 1 lit.f) GDPR.

6.4 DURATION OF STORAGE, OBJECTION AND ELIMINATION

Cookies are stored only on the computer of the user. Therefore, you, as a user, have the full control on the use of cookies.Storage of cookies can be deactivated or restricted in your browser.In case of deactivation of cookies, the functionality of this website can be restricted.You can manually delete the stored cookies at any time and even activate the automatic deletion of cookies at the time of closing the browser.The cookies used on our sites are, however, anyway deleted at the end of browser session.

7. ESTABLISHMENT OF CONTACT VIA E-MAIL

7.1 SCOPE OF DATA RECORDING

You can contact us via the provided e-mail address. In this case, the personal data of the user transmitted with the E-mail is stored.It goes, at first, to our mail host Webmakers UG, Furthmühlgasse 2, 99084 Erfurt located in Germany and then it is transferred to the exchange server of AQUANOVA AG, which is also in Germany.

7.2 LEGAL BASIS OF THE DATA PROCESSING

Art. 6 Para. 1 letter f GDPR is the legal basis for the processing of data, which is communicated in the course of sending an E-mail.If the E-mail contact aims at the conclusion of a contract, then Art. 6 Para 1 letter b GDPR is additionally also a legal basis for the processing.

7.3 PURPOSE OF THE DATA PROCESSING

The processing of the personal data included in the e-mail at our end is used only for the processing of the establishment of contact.The necessary justified interest in the processing of data which you have sent by e-mail also lies herein.

7.4 STORAGE PERIOD

The data sent by you via e-mail is deleted as soon as we have taken note of your comment or when we have answered your query finally and the conversation is ended.The conversation ends if it can be derived from the circumstances that the concerned issue is conclusively clarified.The data can, however, be stored temporarily as long as it is required for the assertion, exercise and defence of claims or if legal retention requirements exist.

7.5 OPTION OF OBJECTION AND ELIMINATION

If you contact us via E-mail, you can object to the storage of your personal data at any time.In such a case, the conversation cannot, however, be continued.Please contact us via e-mail or contact form for such an objection.All personal data which was stored in the course of the establishment of contact is deleted in this case.The data can be temporarily stored as long as it is required for the assertion, exercise and defence of legal claims or if legal retention requirements exist.

8. WHICH RIGHTS DO YOU HAVE REGARDING YOUR DATA?

You are entitled to obtain information about the source, recipient and purpose of your stored personal data free of cost at any time. Moreover, you particularly have a right to demand correction, blocking or deletion and the restriction of this data. You can contact us at any time at the address mentioned in the masthead for further questions on the topic of data protection. Apart from this, you are entitled to a right of appeal to the relevant supervisory authority. In detail, you are entitled to the following rights:

8.1 RIGHT TO INFORMATION

You can demand a confirmation from the controller as to whether we have processed the personal data concerning you. If this is the case, then you can demand the following information from the controller:

(1) The purpose of processing;

(2) the categories of personal data which are processed;

(3) information about the recipients or the categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed;

(4) the planned storage period of the personal data concerning you or if concrete information for this is not possible, then criteria for determining the storage period;

(5) the existence of a right to correction or deletion of the personal data concerning you, of a right to restricting the processing by the controller or of a right to objection against this processing;

(6) the existence of a right to appeal to a supervisory authority;

(7) all available information about the source of data, if the personal data is not collected from the data subject;

(8) existence of an automated decision-making including profiling as per Art. 22 Para 1 and 4 GDPR and – at least in these cases – convincing information about the involved logic and the scope and intended effects of similar processing for the data subject.

You have the right to demand information as to whether the personal data concerning you is conveyed to a third country or an international organisation. In this context, you can demand information about the appropriate guarantees as per Art. 46 GDPR in connection with the communication.

8.2 RIGHT TO CORRECTION

You have a right to correction against the controller, insofar as the processed personal data concerning you is incorrect. If the data is incomplete, then you have the right to completion. The controller must make the correction immediately.

8.3 RIGHT TO RESTRICTION OF PROCESSING

GDPR provides a right to restriction of personal data. If the processing of the personal data concerning you is restricted, then this data – irrespective of its storage – may be processed only with your consent or for the assertion, exercise or defence of legal claims or for the protection of rights of another natural or legal person or due to reasons of an important public interest of the Union or of a member state.

If the restriction of the processing is limited by the above-mentioned pre-requisites, then the controller informs you before the restriction is cancelled.

You can demand the restriction of processing under the following pre-requisites:

(1) If you dispute the correctness of the personal data concerning you for a period, which enables us as controller to check the correctness of the personal data;

(2) if the processing is illegal and if you refuse the deletion of personal data and instead of this, demand from us the restriction of the use of personal data;

(3) if we, as controller, no longer require the personal data for processing, however, you require it for the assertion, exercise or defence of legal claims or

(4) if you have raised an objection against the processing as per Art. 21 Para 1 GDPR but it is not yet determined whether the justifiable reasons of the controller outweigh your reasons.

8.4 RIGHT TO DELETION

Deletion obligation

You can demand from us, as controller, that the personal data concerning you should be immediately deleted and we are obliged to delete this data immediately, insofar as one of the following reasons apply:

(1) The personal data concerning you is no longer required for the purposes for which it was recorded or processed in another way.

(2) You revoke your consent on which the processing as per Art. 6 Para. 1 lit. a or Art. 9 Para 2 letter a GDPR was based and another legal basis for the processing is missing.

(3) You file an objection as per Art. 21 Para 1 GDPR against the processing and no overriding legitimate reasons are given for the processing, or you file an objection as per Art. 21 Para 2 GDPR against the processing.

(4) The personal data concerning you was illegally processed.

(5) The deletion of the personal data concerning you is required for fulfilling the legal obligation as per the Union law or as per the law of the member state to which the controller is subject.

(6) The personal data concerning you was collected with reference to the offered services of the information company as per Art. 8 Para 1 GDPR.

Information to a third party

If the controller discloses the personal data concerning you publicly and if he is obliged to its deletion as per Art. 17 Para 1 GDPR, then he takes appropriate measures under consideration of the available technology and implementation costs, even of a technical nature, to inform the controller for the data processing who processes personal data that you, as data subject, have demanded a deletion of all links to this personal data or of copies and replications of these personal data.

Exceptions

The right to deletion does not exist insofar as the processing is required

(1) for exercising the right for free expression of opinion and information;

(2) for fulfilling a legal obligation, which requires the processing as per the law of the Union or of the member states to which the controller is subject, or for performing a task which lies in the public interest or is carried out in the exercise of official authority, which was transferred to the controller;

(3) due to reasons of public interest in the field of local health as per Art. 9 Para. 2 lit. h and i and also Art. 9 Para 3 GDPR;

(4) for archiving purposes that lie in the public interest, scientific or historical research purposes, or for statistical purposes as per Art. 89 Para 1 GDPR, insofar as the law mentioned under Para a) probably makes the implementation of goals of this processing impossible or seriously hampers them or

(5) for the assertion, exercise or defence of legal claims.

8.5 RIGHT TO INFORMATION

If you have asserted the right to correction, deletion or restriction of processing against the controller, then he is obliged to communicate to all the recipients to whom your personal data was disclosed this correction or deletion of data or restriction of processing, unless it proves to be impossible or associated with disproportionate expense. You are also entitled to obtain information about the recipients from the controller.

8.6 RIGHT TO DATA TRANSFERABILITY

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, conventional and machine-readable format. Apart from this, you have the right to transfer this data to another controller without any obstacle from the controller to whom you had provided the personal data, insofar as

(1) the processing is based on a consent as per Art. 6 Para 1 letter a GDPR or Art. 9 Para 2 letter a GDPR or based on a contract as per Art. 6 Para 1 letter b GDPR and

(2) the processing takes place with the help of an automated process.

While exercising this right, you also have the right to effect that the personal data concerning you is transferred directly from one controller to another controller, insofar as it is technically feasible. Freedoms and rights of other persons should not be impaired by this.

The right to data transferability is not applicable for a processing of personal data which is required for performing a task that lies in the public interest or which takes place in exercise of public authority, which was transferred to the controller.

8.7 RIGHT TO OBJECT

You have the right to file an objection for reasons which result from your particular situation, against the processing of personal data concerning you at any time, which takes place based on Art. 6 Para. 1 letter e or f GDPR; this is also applicable for a profiling based on these regulations. The controller no longer processes the personal data concerning you, unless he can establish the compelling legitimate grounds for the processing, which outweigh your interests, rights and freedom or the processing is used for the assertion, exercise and defence of legal claims.

If the personal data concerning you is processed to carry out direct advertising, then you are entitled to file an objection anytime against the processing of the personal data concerning you for such advertisement; this is also applicable for profiling insofar as it is connected with such direct advertisement.

If you revoke the processing for direct advertising, then the personal data concerning you will no longer be processed for this purpose.

You have the option of exercising the right to objection with the help of an automated process, in which the technical specifications are used, in connection with the use of services of the information company – irrespective of guideline 2002/58/EG.

8.8 RIGHT TO REVOKE THE DATA PROTECTION CONSENT DECLARATION

You are entitled to revoke the data protection consent declaration at any time. By revoking the consent, the legality of the processing that took place on the basis of the consent till the revocation is not affected.

8.9 AUTOMATED DECISION IN AN INDIVIDUAL CASE INCLUDING PROFILING

You have the right not to be subject to a decision based exclusively on an automated processing – including profiling – which has a legal effect on you or hampers you considerably in a similar way. This is not applicable, if the decision

(1) is required for conclusion or fulfilment of a contract between you and the controller

(2) based on legal regulations of the Union or of the member states, to which controller is subject, is permissible and these legal regulations include appropriate measures for safeguarding your rights and freedoms and your legitimate interests or

(3) takes place with your explicit consent.

However, these decisions should not be based on special categories of personal data as per Art. 9 Para 1 GDPR, insofar Art. 9 Para. 2 letter a or g is not applicable and appropriate measures were undertaken for the protection of rights and freedoms and also your legitimate interests.

Regarding the cases mentioned in (1) and (3), the controller takes appropriate measures to safeguard the rights and freedoms and also your legitimate interests, which include the right to obtain human intervention on the part of the controller, the right to present one’s own point of view and the right to challenge the decision.

8.10 RIGHT TO APPEAL TO A SUPERVISORY AUTHORITY

Irrespective of other administrative or judicial legal remedies, you have the right to appeal to a supervisory authority particularly in the member state of your residence, your work place or at the location of the supposed breach, if you believe the processing of the personal data concerning you has breached the GDPR.

The supervisory authority to which the appeal was submitted informs the plaintiff about the status and the results of the appeal including the option of legal remedy as per Art. 78 GDPR.

The responsible supervisory authority in data protection matters is the data protection officer of the Federal State in which our enterprise is located. A list of data protection officers and their contact data is available at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_L....