Privacy Policy

Privacy Notice pursuant to Art. 13 GDPR

Name and Address of the Responsible Party

Responsible entity within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

Name of the Representative or Company Name

ROSAMIX UG

Haslacher Straße 1/1

89081 Ulm

Email: info@rosamix.de

General Information on Data Processing

Legal Basis for the Processing of Personal Data

Pursuant to Art. 13 GDPR, we inform you about the legal bases of our data processing. If the legal basis is not explicitly stated in the privacy notice, the following applies:
The legal basis for obtaining consents is Art. 6 para. 1 lit. a in conjunction with Art. 7 GDPR. The legal basis for processing to fulfill our services and carry out contractual measures as well as to respond to inquiries is Art. 6 para. 1 lit. b GDPR. The legal basis for processing to fulfill our legal obligations is Art. 6 para. 1 lit. c GDPR. If processing your data is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights, and freedoms of the data subject do not outweigh this interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing. In cases where vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

Data Deletion and Storage Duration

We adhere to the principles of data minimization according to Art. 5 para. 1 lit. c GDPR and storage limitation according to Art. 5 para. 1 lit. e GDPR. We store your personal data only as long as necessary to achieve the purposes stated here or as required by the retention periods prescribed by law. After the respective purpose ceases to apply or after these retention periods expire, the corresponding data will be deleted as soon as possible.

External Links

This website may contain links to third-party websites or to other websites outside our responsibility. If you follow a link to one of the websites outside our responsibility, please note that these websites have their own privacy information. We assume no responsibility or liability for these external websites and their privacy notices. Therefore, please check before using these websites whether you agree with their privacy policies.

You can recognize external links either by their color being slightly different from the rest of the text or by being underlined. Your cursor will indicate external links when you hover over such a link. Only when you click on an external link will your personal data be transferred to the link target. In doing so, the operator of the other website will receive, in particular, your IP address, the time you clicked the link, the page on which you clicked the link, and other information that you can find in the privacy notices of the respective provider.

Please also note that some links may lead to data transfers outside the European Economic Area. This could allow foreign authorities access to your data. You may not have legal remedies against such data access. If you do not want your personal data to be transferred to the link target or to be exposed to unwanted access by foreign authorities, please do not click on any links.

Rights of the data subject

As a data subject under the GDPR, you have the possibility to assert various rights. The data subject rights arising from the GDPR are the right of access (Article 15), the right to rectification (Article 16), the right to erasure (Article 17), the right to restriction of processing (Article 18), the right to object (Article 21), the right to lodge a complaint with a supervisory authority, and the right to data portability (Article 20).

Right of withdrawal:

Some data processing can only take place with your explicit consent. You have the option to revoke your given consent at any time. However, the lawfulness of the data processing up to the revocation is not affected by this.

Right to object:

If the processing is based on Art. 6(1)(e) or (f) GDPR, you as the data subject have the right to object at any time to the processing of your personal data concerning you for reasons arising from your particular situation. This right also applies to profiling based on these provisions within the meaning of Art. 4(4) GDPR. If we cannot demonstrate a legitimate interest for the processing that outweighs your interests, rights, and freedoms or if the processing serves the assertion, exercise, or defense of legal claims, we will cease processing your data after your objection.

If the processing of personal data serves direct marketing purposes, you also have the right to object at any time. The same applies to profiling related to direct marketing. In such cases, we will no longer process personal data once you object.

Right to complain to a supervisory authority:

If you believe that the processing of your personal data violates the GDPR, you have the right to file a complaint with a supervisory authority, especially in the member state of your residence, workplace, or the location of the alleged violation, without prejudice to any other administrative or judicial remedy.

Right to data portability:

If your data is processed automatically based on consent or contract fulfillment, you have the right to receive this data in a structured, common, and machine-readable format. You also have the right to request the transfer and provision of the data to another controller, as far as technically feasible.

Right to information, correction, and deletion:

You have the right to obtain information about your processed personal data regarding the purpose of data processing, the categories, the recipients, and the storage duration. If you have questions on this topic or other issues concerning personal data, you can of course contact us using the contact options provided in the imprint.

Right to restriction of processing:

You can assert the restriction of processing your personal data at any time. To do so, you must meet one of the following conditions:

You dispute the accuracy of the personal data. For the duration of the accuracy verification, you have the right to request a restriction of processing.
If processing is unlawful, you can request a restriction on the use of the data as an alternative to deletion.
If we no longer need your personal data for the purposes of processing, but you need the data to assert, exercise, or defend legal claims, you can request a restriction of processing as an alternative to deletion.
If you object to the processing pursuant to Art. 21 para. 1 GDPR, a balancing of your interests and ours will be carried out. Until this balancing has taken place, you have the right to request the restriction of processing.

A restriction of processing means that the personal data may only be processed, apart from storage, with your consent or for asserting, exercising, or defending legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a member state.

Provision of the website (web host)

Our website is hosted by:

Shopify International Ltd.
2nd Floor 1–2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32
Ireland

The server location is Canada.

When you access our website, we automatically collect and store information in so-called server log files. This information is automatically transmitted by your browser to our server or to the server of our hosting company.

These are:

IP address of the website visitor's end device
Device used
Hostname of the accessing computer
Visitor's operating system
Browser type and version
Name of the retrieved file
Time of the server request
Amount of data
Information on whether the data retrieval was successful

This data is not merged with other data sources.

Instead of operating this website on our own server, we can also have it operated on the server of an external service provider (hosting company), which we have named above. The personal data collected by this website is then stored on the servers of the hosting company. In addition to the data mentioned above, the web host also stores, for example, contact inquiries, contact details, names, website access data, meta and communication data, contract data, and other data generated via a website on our behalf.

The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the technically error-free display and optimization of this website. If the website is accessed to enter into contract negotiations with us or to conclude a contract, it serves as an additional legal basis (Art. 6 para. 1 lit. b GDPR). In the event that we have commissioned a hosting company, there is a contract for order processing with this service provider.

Use of Local Storage Items, Session Storage Items, and Cookies

Our website uses Local Storage Items, Session Storage Items, and/or cookies. Local Storage is a mechanism that allows data to be stored within the browser on your device. This data usually includes user preferences, such as the "day" or "night mode" of a website, and remains until you manually delete the data. Session Storage is very similar to Local Storage, but the storage duration only lasts during the current session, i.e., until the current tab is closed. After that, the Session Storage Items are deleted from your device. Cookies are information that a web server (server providing web content) stores on your device to identify this device. They are either temporarily stored for the duration of a session (session cookies) and deleted after your visit to a website or permanently stored (persistent cookies) on your device until you delete them yourself or an automatic deletion occurs through your web browser.

These objects can also be stored on your device by third parties when you visit our site (third-party requests). This enables us as the operator and you as a visitor of this website to use certain services from third parties installed on this website. Examples include processing payment services or displaying videos.

These mechanisms have a variety of uses. They can improve the functionality of a website, control shopping cart functions, increase the security and convenience of website use, and conduct analyses regarding visitor flows and behavior. Depending on the individual functions, they must be classified under data protection law. If they are necessary for the operation of the website and intended to provide certain functions (shopping cart function) or serve to optimize the website (e.g., cookies to measure visitor behavior), their use is based on Art. 6 para. 1 lit. f GDPR. As the website operator, we have a legitimate interest in storing Local Storage Items, Session Storage Items, and cookies for the technically error-free and optimized provision of our services. In all other cases, the storage of Local Storage Items, Session Storage Items, and cookies only takes place with your explicit consent (Art. 6 para. 1 lit. a GDPR).

If Local Storage Items, Session Storage, or cookies from third parties or for analysis purposes are used, we will inform you separately about this within the scope of this privacy notice. Your required consent will be requested and can be revoked at any time.

Use of External Services

External services are used on our website. External services are third-party services used on our website. This can be for various reasons, such as embedding videos or website security. When using these services, personal data is also passed on to the respective providers of these external services. If we do not have a legitimate interest in using these services, we obtain your revocable consent as a visitor to our website before use (Art. 6 para. 1 lit. a GDPR).

Analytics

To analyze user behavior, we process personal data of website visitors. By evaluating the collected data, we can compile information about the use of individual components of our website. This allows us to improve the user-friendliness of our website. Using the analysis tools employed, user profiles could be created for displaying targeted or interest-based advertising messages, our website visitors could be recognized on their next visit, their click/scroll behavior and downloads measured, heatmaps created, page views recognized, visit duration or bounce rates measured, and the origin of website visitors (city, country, from which site the visitor comes) traced. With the help of the analysis tools, we can improve our market research and marketing activities.

Processing only occurs if you consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent (Art. 6 para. 1 lit. a GDPR). Without your consent, data processing as described above does not take place. If you revoke your consent (e.g., via the consent banner or other options provided on this website), we will stop this data processing. The lawfulness of the processing carried out up to the revocation remains unaffected.

Shopify Analytics

We use the Shopify Analytics service on our website. The service provider is Shopify International Ltd., 2nd Floor 1–2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.

Using the service may result in data transfer to a third country (Canada). The European Commission has confirmed an adequate level of data protection for this country by an adequacy decision.

Further information can be found in the provider's privacy information at the following URL: https://www.shopify.com/legal/privacy?shpxid=1c1444d0-C70E-43BB-AD1E-BB3774A7C8C0.

Elfsight

We use the services of elfsight on our website. The service provider is SP Iusupov A.A., Paronyana str 19/3, 201, Yerevan 0015, Armenia.

Data transfer to third countries is based on the EU Commission's standard contractual clauses. Details can be found here: https://elfsight.com/privacy-policy/ and https://help.elfsight.com/article/418-elfsight-and-gdpr.

Privy

We use the services of privy on our website. The service provider is Privy Operations, LLC. 6 Liberty Square. PMB 6112. Boston, MA 02109.

Data transfer to third countries is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.privy.com/privacy-policy.

loox

We use the services of loox on our website. The service provider is Loox Online Ltd.

Data transfer to third countries is based on the EU Commission's standard contractual clauses. Details can be found here: https://loox.app/legal/privacy-policy-merchants.

Bundler

We use the services of bundler on our website.

Data transfer to third countries is based on the EU Commission's standard contractual clauses. Details can be found here: https://bundler.app/legal/privacy-policy

Consent Management

To comply with data protection requirements, we use a consent management tool on our website. With this tool, we obtain the necessary consents for setting cookies or using external services. The consents are stored.

The processing is necessary to fulfill a legal obligation to which the controller (website operator) is subject. Therefore, Art. 6 para. 1 lit. c GDPR is used as the legal basis for processing.

Webshop

We offer you our products and/or services through our webshop. In the context of product and/or service sales, we collect, process, and use your personal data (e.g., your name, contact details, but also access times, device information, or your IP address) to handle the purchase and payment process.

We base this processing on a legitimate interest (Art. 6 para. 1 lit. f GDPR).

Our legitimate interest lies in the error-free presentation and optimization of our webshop.

Shopify

We use the Shopify service on our website. The service provider is Shopify International Ltd., 2nd Floor 1–2 Victoria Buildings, Haddington Road, Dublin 4, D04 XN32, Ireland.

Using the service may result in data transfer to a third country (Canada). The European Commission has confirmed an adequate level of data protection for this country by an adequacy decision.

As part of using Shopify, we use templates from Fluorescent Design Inc,

Further information can be found in the provider's privacy information at the following URL:

https://www.shopify.com/legal/privacy?shpxid=1c1444d0-C70E-43BB-AD1E-BB3774A7C8C0.

Contact form

On our website, there is the option to notify us via a contact form. For contact through this form, your contact details are particularly required.

The legal basis here refers to processing for the purpose of contract fulfillment or pre-contractual measures according to Art. 6 para. 1 lit. b GDPR. Additionally, a legitimate interest may exist to maintain business relationships or to respond to your request for other reasons.

The legal basis for processing your data in this case would be Art. 6 para. 1 lit. f GDPR.

The data will be deleted once we have fully answered your request and no other retention obligations prevent this.

Telephone contact or email contact

In accordance with legal requirements, we have provided a phone number and email address on our website. The data transmitted via these channels is automatically stored by us to process inquiries or to contact the requesting person. This data will not be shared with third parties without consent.

If contact is made by phone or via our email address for pre-contractual or contractual purposes, the processing of personal data is based on the legal basis of Art. 6 para. 1 lit. b GDPR. For all other contacts from you, the processing of personal data by us is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR.

Presence on Facebook

Social networks process personal data of their users extensively. When visiting our profiles, among other things, your IP address and other information about your devices used are processed, which allows the assignment of IP addresses to individual users. We have no influence on this data processing. Please note that you use our profiles on social networks and their functions at your own responsibility. Details about data processing can be found in the operator's privacy policy.

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

The purpose of our profiles on social media platforms is to expand our online presence and thereby increase awareness. Therefore, the legal basis is legitimate interest according to Art. 6 para. 1 lit. f GDPR. Furthermore, regarding the processing activities by the social networks, their own legal bases (e.g., consent according to Art. 6 para. 1 lit. a GDPR) apply, which you can find in the respective privacy policy.

In principle, we are jointly responsible with the social media platform for the data processing operations triggered when visiting our profile. Therefore, you can assert your data subject rights according to Art. 15ff GDPR both against the social media platform and against us. However, we point out that we have no influence on the data processing by the social media platform.

Presence on Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Detailed information about the handling of personal data can be found in the following privacy policy of Instagram: https://help.instagram.com/519522125107875.

Presence on TikTok

We have a profile on TikTok. The provider of this service is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland.

Detailed information about the handling of personal data can be found in the following privacy policy of TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/de.

Registration on the website

Visitors have the option to register on our website. For this, the provision of personal data is necessary. Registration enables the offering of services or content that require special information about you. These personal data are processed and stored exclusively for the use of the respective service or offer. The purpose of processing is the fulfillment of pre-contractual services, contract fulfillment, or customer care.

Storage of this data generally occurs for the period during which you are registered on our website. Any longer storage may take place if required by legal provisions.

The processing described above in this subsection is based on the legal basis of consent (Art. 6 para. 1 lit. a GDPR). The data subject has agreed to the processing of their personal data with their voluntary, explicit, and prior consent. We proceed similarly if data subjects revoke their consent.

If registration on the website is necessary to process contract-related content, we rely on the legal basis for fulfilling a contract according to Art. 6 para. 1 lit. b GDPR.

Payment service providers

We integrate payment services from a company specialized in these services on our website. When you make a purchase with us, your payment data (e.g., name, payment amount, account details, credit card number) is transmitted to our payment service provider and processed by them for the purpose of payment processing. The contractual and data protection provisions of the provider we have selected apply to these transactions.

The respective contractual and data protection provisions of the respective providers apply to this processing. The use of payment service providers is based on Art. 6 para. 1 lit. b GDPR (contract execution) as well as in the interest of a smooth, comfortable, and secure payment process (Art. 6 para. 1 lit. f GDPR).

Privacy Policy

Privacy Notice pursuant to Art. 13 GDPR

ROSAMIX

INFORMATION

If you have any questions about your order, shipping, or returns, please contact us:

Your shopping cart

Privacy Policy

Privacy Notice pursuant to Art. 13 GDPR

Your shopping cart (0)

Product comparison

Your shopping cart