Skip to content
TO THE SHOP

Privacy Policy

Name and contact details of the controller

QURV GmbH
Eck Street 26
66557 Illingen

Management: Julia Schmidt & Sascha Ningel

Phone: 0049 1573 71 50 859
E-Mail: info@qurv.de

 

Security and protection of your personal data

We consider it our top priority to maintain the confidentiality of the personal data you provide and to protect it from unauthorized access. Therefore, we apply the utmost care and state-of-the-art security standards to ensure maximum protection of your personal data.

As a private company, we are subject to the provisions of the European General Data Protection Regulation (GDPR) and the regulations of the Federal Data Protection Act (BDSG). We have implemented technical and organizational measures to ensure that data protection regulations are observed by us and by our external service providers.

Definitions

The legislator requires that personal data be processed lawfully, fairly, and in a transparent manner in relation to the data subject („Lawfulness, fairness and transparency“). To ensure this, we inform you about the individual legal definitions that are also used in this privacy policy:

Personal data

„Personal data“ means any information relating to an identified or identifiable natural person („data subject“); a natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2. Processing

„Processing“ means any operation or set of operations performed on personal data, whether or not by automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing or destroying.

3. Restriction of processing

„Restriction of processing“ means the marking of stored personal data with the aim of restricting their future processing.

4. Profiling

„Profiling“ means any automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements of that natural person.

5. Pseudonymization

„Pseudonymization“ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

6. File System

„Filing system“ means any structured collection of personal data which is accessible according to defined criteria, regardless of whether that collection is centralized, decentralized or distributed on a functional or geographical basis.

7. Responsible Party

„Controller“ means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of that processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

8. Order Processor

„Processor“ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

9. Recipient

„Recipient“ means a natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether a third party or not. However, authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of the data by those authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

10. Third

„Third party“ means a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorised to process the personal data.

11. Consent

„Consent“ of the data subject is any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Lawfulness of processing

The processing of personal data is lawful only if there is a legal basis for the processing. According to Article 6 (1) lit. a-f GDPR, the legal basis for processing may in particular be:

  • The data subject has given their consent to the processing of their personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary to protect the vital interests of the data subject or another natural person;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child;
  • the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
  • The legal basis for processing your health data is Article 9(2)(h) of the GDPR in conjunction with Section 22(1) No. 1(b) of the Federal Data Protection Act. 

Information about the collection of personal data

(1) In this privacy policy, we inform you about the collection of personal data when using our website. Personal data includes, for example, name, address, email addresses, and user behavior. 

(2) When you contact us by email or via a Contact form The data you provide (your email address, your name and phone number if applicable) will be stored by us in order to answer your questions. We will delete the data incurred in this context when storage is no longer necessary, or restrict its processing if there are statutory retention obligations. The legal basis for processing the data, with your consent, is Art. 6(1)(a) GDPR. The legal basis for processing the data transmitted in the course of sending an email is Art. 6(1)(f) GDPR. If the email contact aims at the conclusion of a contract, the additional legal basis for processing is Art. 6(1)(b) GDPR.

Collection of personal data when visiting our website

For purely informational use of the website, meaning if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6(1)(f) GDPR): 

  • IP Address
  • Date and time of request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the requirement (specific page)
  • Access Status/HTTP Status Code
  • transferred data volume
  • Website from which the request originates
  • Browser
  • Operating system and its user interface
  • Browser language and version.

Use of Cookies

(1) In addition to the data mentioned above, cookies will be stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive, associated with the browser you are using, and through which the entity that sets the cookie receives certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the internet offering more user-friendly and effective overall. The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR. The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized again even after a page change.

(2) This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient Cookies (continued a.)
  • Persistent Cookies (see b.)

a) Transient cookies, including session cookies, are automatically deleted when you close your browser. These cookies store a session ID that links different requests from your browser to a common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

b) Persistent cookies are automatically deleted after a predetermined period, which can vary depending on the cookie. You can delete cookies at any time in your browser's security settings.

c) You can configure your browser settings according to your preferences and, for example, refuse the acceptance of third-party cookies or all cookies. So-called „third-party cookies“ are cookies that have been set by a third party, and therefore not by the actual website you are currently on. Please note that by disabling cookies, you may not be able to use all functions of this website.

Further features and offers on our website

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. As a general rule, you will need to provide further personal data, which we will use to provide the respective service and to which the aforementioned data processing principles apply.

(2) We sometimes use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored.

(3) Where our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.

Children

Our services are generally aimed at adults. Persons under 18 years of age should not submit personal data to us without the consent of a parent or legal guardian.

Data subject rights

(1) Revocation of consent

If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent prior to its withdrawal.

You can contact us at any time to exercise your right of withdrawal.

Right to confirmation

 You have the right to obtain confirmation from the controller as to whether personal data concerning you is being processed. You can request this confirmation at any time using the contact details provided above.

(3) Right to information 

If personal data is being processed, you can request information about this personal data and the following information at any time:

  • the processing purposes;
  • the categories of personal data processed;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration;
  • the right to rectification or erasure of personal data concerning you or to restrict the processing of such data by the controller, or a right to object to such processing;
  • The existence of a right to complain to a supervisory authority;
  • if the personal data are not collected from the data subject, all available information as to the source of the data;
  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and—at least in these cases—meaningful information about the logic involved, as well as the scope and the intended implications of such processing for the data subject.

When personal data are transferred to a third country or an international organization, you have the right to be informed about the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer. We provide a copy of the personal data that are subject to processing. For any further copies you request, we may charge a reasonable fee based on administrative costs. If the request is submitted electronically, the information shall be provided in a commonly used electronic format, unless you indicate otherwise. The right to obtain a copy pursuant to paragraph 3 shall not adversely affect the rights and freedoms of others.

(4) Right to rectification   

You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of a supplementary statement.

(5) Right to erasure („right to be forgotten“)

You have the right to request that personal data concerning you be erased without delay by the controller, and we are obliged to erase personal data without delay if one of the following grounds applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • The data subject withdraws their consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
  • The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.
  • The personal data was processed unlawfully.
  • The processing of personal data is necessary for compliance with a legal obligation to which the controller is subject under Union or Member State law.
  • The personal data was collected in relation to information society services offered, pursuant to Article 8(1) of the GDPR.

If the controller has made personal data public and is obliged to erase that data pursuant to paragraph 1, he shall take reasonable steps, including technical measures, having regard to the technology available and the cost of implementation, to inform other controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

The right to erasure („right to be forgotten“) shall not apply to the extent that processing is necessary:

  • to exercise the right to freedom of expression and information;
  • to fulfill a legal obligation to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health, in accordance with Article 9(2)(h) and (i) and Article 9(3) of the GDPR;
  • for archival purposes in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Article 89(1) of the GDPR, provided that the right referred to in paragraph 1 is likely to render impossible the achievement of the objectives of this processing or seriously impairs them, or
  • for the assertion, exercise, or defense of legal claims.

Right to restrict processing 

You have the right to request that we restrict the processing of your personal data if any of the following conditions are met:

  • the accuracy of the personal data is disputed by the data subject, for a period that allows the controller to verify the accuracy of the personal data,
  • the processing is unlawful and the data subject objects to the erasure of the personal data and requests restriction of its use instead;
  • the controller no longer needs the personal data for the purposes of processing, but the data subject needs them for the establishment, exercise or defence of legal claims, or
  • the data subject has lodged an objection to the processing pursuant to Article 21(1) GDPR, as long as it has not yet been established whether the legitimate grounds of the controller override those of the data subject.

If processing has been restricted in accordance with the above conditions, then these personal data shall—apart from being stored—only be processed with the consent of the data subject, or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.

To exercise the right to restrict processing, the data subject may contact us at any time using the contact details provided above.

(7) Right to data portability

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, common and machine-readable format, and you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that:

  • the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, or on a contract pursuant to Article 6(1)(b) GDPR, and
  • processing is carried out using automated procedures.

When exercising the right to data portability pursuant to paragraph 1, you have the right to obtain the transfer of personal data directly from one controller to another, provided it is technically feasible. The exercise of the right to data portability shall not affect the right to erasure („right to be forgotten“). This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

(8) Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling if it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for these purposes.

In connection with the use of information society services, you may exercise your right to object by means of automated procedures using technical specifications, notwithstanding Directive 2002/58/EC.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or statistical purposes pursuant to Article 89(1), unless the processing is necessary for the performance of a task carried out for reasons of public interest.

You can exercise your right of objection at any time by contacting the respective data controller.

(9) Automated decision-making in individual cases, including profiling

You have the right not to be subjected to a decision based exclusively on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  • necessary for the conclusion or performance of a contract between the data subject and the controller,
  • on the basis of Union or Member State law to which the controller is subject, which lays down appropriate measures to safeguard the data subject's rights and freedoms and legitimate interests; or
  • with the explicit consent of the data subject.

The controller shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention by the controller, to express one's point of view, and to contest the decision.

The data subject may exercise this right at any time by contacting the respective controller.

(10) Right to lodge a complaint with a supervisory authority

In addition, and without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes this Regulation.

(11) Right to an effective remedy

Without prejudice to any other administrative or judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 of the GDPR, you have the right to an effective judicial remedy if you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation.

Embedded YouTube Videos
Some of our web pages embed YouTube videos. The operator of the respective plugins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plugin, a connection is established to YouTube's servers. YouTube is informed which pages you are visiting. If you are logged into your YouTube account, YouTube can associate your browsing behavior with you personally. You can prevent this by logging out of your YouTube account beforehand.
When a YouTube video starts, the provider uses cookies that collect information about user behavior.
Those who have deactivated the saving of cookies for the Google ad program will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personally identifiable usage information in other cookies. If you want to prevent this, you must block the saving of cookies in your browser.
Further information on data protection at „YouTube“ can be found in the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/

Data processor

We use external service providers (contract processors) for, for example, shipping goods, newsletters, or payment processing. A separate data processing agreement has been concluded with the service provider to ensure the protection of your personal data.

We work with the following service providers:

  • DZ-Event Technology and Web Design, Dustin Zahler, Langgewann 12, 66265 Heusweiler

Encrypted payment transactions on this website

If there is an obligation to submit your payment details (e.g., bank account number for direct debit) after concluding a paid contract, these details are required for payment processing.

Payment transactions using common payment methods (Visa/MasterCard, direct debit) are exclusively processed via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the browser's address bar changes from „http://“ to „https://“ and by the padlock icon in your browser bar.

With encrypted communication, your payment details, which you submit to us, cannot be read by third parties.

Data transmission upon conclusion of a contract for services

We only transmit personal data to third parties if it is necessary for the purpose of contract processing, for example, to the credit institution charged with payment processing.

Further transmission of the data will not occur, or will only occur if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6(1)(b) GDPR, which permits the processing of data for the performance of a contract or for pre-contractual measures.

Payment services

We integrate payment services from third-party companies on our website. When you make a purchase from us, your payment details (e.g., name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective terms and conditions and data protection regulations of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6(1)(b) GDPR (contract fulfillment) as well as in the interest of the smoothest, most convenient, and secure payment process possible (Art. 6(1)(f) GDPR). Where your consent is requested for specific actions, Art. 6(1)(a) GDPR is the legal basis for data processing; consents can be withdrawn at any time with future effect.

We use the following payment services / payment service providers on this website:

PayPal

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as „PayPal“).

Data transfers to the USA are based on the EU Commission's Standard Contractual Clauses. You can find details here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Please refer to PayPal's Privacy Policy for details. https://www.paypal.com/de/webapps/mpp/ua/privacy-full.