We will treat your personal data in accordance with any and all obligations that are binding upon us under the General Data Protection Regulation (“GDPR”), the Privacy Act 1988 (Cth) and any other applicable law relating to personal data.
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. Controller of the data processing
Controller of the processing of your personal data is:
Healy World B.V., Singel 250, 1016 AB Amsterdam, Netherlands,
The data protection officer of the controller can be reached at:
Data Protection Team
Healy World GmbH
2. Purposes and legal basis of data processing
Hereinafter, we inform you about the details of the processing of personal data in the context of the use of our website. If a contract is concluded between HEALY WORLD and you, you only have to provide the personal data that is required for the commencement and performance of the contract or that we are legally obliged to collect. Without this data, we will usually have to refuse to conclude the contract or carry out the order, or we will no longer be able to perform an existing contract and may have to terminate it.
2.1 Collection of personal data when visiting our website
When using the website for informative purposes, HEALY WORLD only collects the personal data that your browser transfers to HEALY WORLD’s server. If you wish to have a look at HEALY WORLD’s website, HEALY WORLD collects the following data, which are technically necessary to display the website to you and to ensure stability and security:
- Place of request
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Requested content (specific page)
- Access Status/HTTP Status Code
- Amount of data transferred in each case
- Website from which the request originates
- Browser type
- Operating system and its interface
- Language and version of the browser software
- Requesting provider
After a technical evaluation, this data is deleted immediately. In accordance with Art. 6 para. 1 lit. of the GDPR, this data collection serves to preserve our legitimate interests in the correct display of our website and to ensure the trouble-free operation of our website offering, as well as compliance with the provisions of the GDPR in terms of security and confidentiality.
When you use and visit our website, cookies or similar technologies such as pixels (hereinafter generally “cookies”) are placed on your device. Cookies are small text files that are placed on your end device by your browser to store certain information, or image files such as pixels.
We use the tracking tool Google Analytics by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google“) on our website to record and systematically evaluate your interactions on our website. By evaluating the data obtained, we are able to compile information on the use of the individual components of our website and improve the user experience. The following data is stored for this purpose:
- Three bytes of the IP address of the accessing system of the user (anonymised IP address)
- The accessed web page
- The website from which the user accessed our website (referrer)
- The subpages that are accessed from the accessed webpage
- The length of time spent on the website
- The frequency with which the website is accessed
The information collected by these cookies about your use of this website is usually transferred to a Google server in the USA and stored there. For this purpose, we have concluded the so-called EU standard contractual clauses with Google in order to be able to guarantee the security of your personal data during transfer to the USA.
The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw this consent at any time.
The data stored through tracking is deleted as soon as it is no longer needed for our recording purposes. This is the case after twelve months.
2.3 Collection and use of personal data for contact requests
If you contact HEALY WORLD by e-mail or via the contact form, the personal data provided (including your e-mail address, first and last name, if applicable) will be stored by HEALY WORLD in order to answer your enquiry. HEALY WORLD deletes the data accrued in this context after the storage is no longer necessary, e.g. when your request has been dealt with. Otherwise, processing will be restricted if there are legal storage obligations.
This data processing is based on Art. 6 para. 1 lit. f GDPR, our legitimate interest in being able to talk to you about our products and services, or Art. 6 para. 1 lit. b GDPR, if it is a pre-contractual communication.
2.4 Collection, storage and use of personal data at conclusion of contract and payment
In the context of an order for products, the following personal data is collected, stored and used in the course of the registration required for an order:
- Form of address,
- Telephone number,
- E-mail address,
- If applicable, a different delivery address
- Credit card, bank and transfer information; and
- any other personal data that you share with us
HEALY WORLD uses this personal data exclusively for the purpose of the performance the contract and the communication with the customers that is necessary in this respect. This includes the initiation, conclusion, execution, warranty and, if applicable, the rescission of the contract. The data will be stored until the performance of the contract is complete. Insofar as commercial and tax storage periods exist, the duration of storage may be up to 10 years.
This data processing is based on Art. 6 para. 1 lit. b GDPR for the performance of the contract. The legal basis for the further storage for tax and commercial law reasons is the necessity according to the law pursuant to Art. 6 para. 1 lit. c GDPR.
2.5 Use of data for advertising purposes, newsletter
HEALY WORLD will only process your personal data to send you a newsletter if you have consented to this in advance. The only mandatory data for sending the newsletter is the e-mail address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After confirmation, HEALY stores your e-mail address for the purpose of sending you the newsletter.
This data processing is based on your consent, the legal basis is Art. 6 para. 1 lit. a GDPR. You can withdraw your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can withdraw your subscription by clicking on the link provided in every newsletter e-mail or by sending an e-mail to firstname.lastname@example.org.
3. Data transfer
HEALY WORLD will only disclose your personal data to the extent necessary to perform the contract or to preserve HEALY WORLD’s legitimate interests. HEALY WORLD uses external service providers, such as hosting providers, payment service providers and shipping service providers for the performance of the contract and the provision of the services. Where such service providers act as processors for HEALY WORLD, separate processing agreements have been concluded to ensure the protection of customers’ personal data.
In order to carry out the delivery, your first name, last name, address and e-mail address will be forwarded to the shipping company. This data transfer takes place for the fulfilment of the contractual relationship with you as the customer. The legal basis for this data processing is Art. 6 para. 1 lit. b GDPR.
For payment processing, your payment data, namely first name, last name, address, e-mail address are forwarded to the respective payment provider. This data processing is carried out for the performance of the contractual relationship with you as a customer or on the basis of the consent you have given. The legal basis for this data processing is Art. 6 para. 1 lit. a or lit. b GDPR.
We use the customer management and merchandise management system of TimeWaver Home GmbH for contract execution within the scope of processing. For this purpose, your personal data collected in the context of the order will be transferred to Zoho Corporation Pvt. Ltd. / Datacenter Europe. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR.
Data may be transferred to third countries (i.e. countries that are neither members of the European Union nor of the European Economic Area) if this is necessary to provide services to you, if it is legally required or if you have given us your consent. In addition, we may also transfer your personal data to processors in third countries.
Please note that not all third countries have a level of data protection recognised as adequate by the European Commission. For data transfers to third countries that do not have an adequate level of data protection, prior to the transfer we ensure that the recipient either has an adequate level of data protection (e.g. by agreeing so-called EU standard contractual clauses of the European Union with the recipient) or that our users have given their express consent.
Please note that we are part of a global group, and from time to time it may be reasonably necessary to share your personal data with our affiliated businesses.
If your information is transferred outside Australia to our affiliated business or service providers, we will take reasonable steps to ensure that your personal data received the same level of protection as if were to remain within Australia
You can obtain a copy of the specifically applicable or agreed arrangements for ensuring the adequate level of data protection from us. Please use the information under Section 1 for this matter.
4. Storage period and security
We will store your data for as long as specified in the relevant processing activities under Section 2 and for as long as this is necessary to provide our services to you or we have a legitimate interest in continuing to store it.
In addition, we are subject to various storage and documentation obligations resulting among others from the German Commercial Code (HGB) and the German Fiscal Code (AO). The time limits specified there for storage and documentation are up to ten years. Finally, the storage period is also determined by the statutory limitation periods, which can be up to thirty years, for example, according to §§ 195 et seq. of the German Civil Code (BGB), with the regular limitation period being three years.
We are committed to maintaining the confidentiality of the personal data that you provide us and we will take all reasonable precautions to protect your personal data from unauthorised use or alteration. Your personal data may be stored both electronically (on our computer systems and with our website hosting provider) and in hard-copy form. Firewalls, anti-virus software and email filters, as well as passwords, protect all of our electronic information. Likewise, we take all reasonable measures to ensure the security of hard-copy information.
5. Third Party Websites
6. Rights of the data subjects
Data subjects may have the following rights, depending upon the jurisdiction in which they are located:
Right of access: The right of access to your personal data processed by us and the right to obtain a copy of this data.
Right to rectification: If your personal data is inaccurate or incomplete, you have the right to rectification.
Right to restriction of processing: This right includes the restriction of the use or the manner of use. This right is limited to specific cases and exists in particular when (a) the data is inaccurate; (b) the processing is unlawful and you object to the erasure; (c) we no longer need the data, but you require the data for the establishment, exercise or defence of legal claims.
Right to erasure: You can request the erasure of your personal data unless there is a storage obligation. The right to erasure is not a right without exception. We have the right, for instance, to continue to process your personal data where such processing is necessary to comply with our legal obligations or for the establishment, exercise or defence of legal claims.
Right to data portability: This right includes that we transfer your personal data, if technically possible, in a structured, common and machine-readable format for your own purposes.
Right to withdraw your consent: If you have given us your consent for processing, you have the right to withdraw your consent at any time. Such a withdrawal does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.
Right to lodge a complaint: You have the right to lodge a complaint with the data protection supervisory authority. You can find a list of all supervisory authorities for Germany here https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html. For Australian residents, please see section 7 (Contact us) below.
Right to object: You have the right to object to the processing of your personal data on grounds relating to your personal situation, provided that the processing is carried out in the public interest or on the basis of a balance of interests, including profiling. In the event of your objection, we will cease processing your personal data unless we can provide evidence of compelling reasons which override your interests or the processing of your personal data is necessary for the establishment, exercise or defence of legal claims. Insofar as we process your personal data for direct marketing purposes, you have the right to object to this processing at any time; this also applies to the creation of profiles insofar as it is covered by such direct marketing measures.
We hope that this information has helped you to exercise your rights. If you would like to obtain more detailed information on the data protection provisions, please do not hesitate to contact us.
7. Contact us
For Australian residents
For more information about our privacy practices, if you have questions, or if you would like to access and/or correct your personal data or if you would like to make a complaint, please contact our data protection officer using the details specified in section 1.
Please note that we may request proof of identity and verify your identity before responding to any complaint or request for access to your personal data.
In most cases, you may have access to your personal data. We will deal with all requests for access to personal data within a reasonable time. However, requests for large amounts of personal data or personal data that is not currently in use, may require further time before a response can be given. Subject to applicable law, we may charge you a reasonable fee for access if the cost is incurred by us in order to retrieve your personal information or respond to your requests.
In some cases, we may refuse to provide access to your personal data. This may include circumstances where giving you access would:
- be unlawful (eg, where a record that contains personal data is subject to a claim for legal professional privilege by one of our contractual counterparties);
- have an unreasonable impact on another person’s privacy; or
- prejudice an investigation of unlawful activity; or
- appear to be vexatious or frivolous.
We may also refuse access where the personal data relates to existing or anticipated legal proceedings, and such information would not be accessible by the process of discovery in those proceedings.
If we refuse to give you access, we will provide you with reasons for our refusal.
We will correct any personal data about you that is held by us and that is inaccurate, incomplete or out of date, if you request that we do so. If you disagree with our view about the accuracy or completeness of a record of your personal data that is held us, we will provide you with our reasons.
If you are not satisfied with the outcome of any complaint or our response to your enquiries, you also have the right to lodge a complaint with the Office of the Australian Information Commissioner in Australia, Information Commissioner via www.oaic.gov.au.