COMPANY DETAILS
BUSINESS & NATURE GmbH
Rotwandstraße 26, 81539 Munich
Germany

Fon +49 (0) 89 / 649457-3
Fax +49 (0) 89 / 649457- 59

contact(at)business-nature.de
www.business-nature.de

Managing Directors: Diana Sans, Aimé Sans
HRB Munich 146768
VAT n° DE813685015
Privacy & Legal Disclaimer

DATA PROTECTION

Thank you for your interest in our homepage and our company. The website is operated by:

BUSINESS & NATURE Ltd.
Rotwandstrasse 26, 81539 Munich, Germany

Phone +49 (0) 89 / 649457-3
Fax +49 (0) 89 / 649457- 59
contact(at)business-nature.de

In using our Website and to provide goods or services, we collect various types of information, some of which is provided by you as a user and some of which is necessary to use the Website or which results from your use of the Website. Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person, such as your name, your address, your telephone number, your date of birth, your payment data and your IP address. Your personal data will only be passed on or otherwise transferred to third parties if this is necessary for the purpose of contract processing (for example for payment processing or sending goods via parcel service) or if you have given your express consent. No other use of the information or automated decision making takes place.
If we use contracted service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. We also specify the defined criteria for the storage period.

The following data protection principles apply to the use of our website and the services offered and performed by us:
1. We protect your personal data by taking all reasonable and necessary technical and organizational measures so that your personal data is not accessible to unauthorized third parties. Our website and other services offered through it therefore use appropriate encryption mechanisms for the provision of the content and during the input and transmission of data. When communicating by e-mail, we also recommend the use of encryption for confidential information.

2. Responsible according to Art. 4 para. 7 EU General Data Protection Regulation (GDPR) is Diana Sans, Rotwandstraße 26, 81539 Munich (see also our imprint). You can reach our contact for data protection Matthias Zeh at datenschutz@business-nature.de or via our postal address with the addition “Data protection”.

3. Your personal data will only be passed on to third parties,

• if you have given your express consent pursuant to Art. 6 para. 1 sentence 1 a) GDPR;
• if the transfer is necessary for the fulfilment of contractual obligations pursuant to Art. 6 para. 1 sentence 1 b) GDPR;
• if we are legally obliged to pass on the data within the meaning of Art. 6 Par. 1 S. 1 c) GDPR;
• if the disclosure of the data is in the public interest within the meaning of Art. 6 para. 1 e) GDPR or;
• if the disclosure of data pursuant to Art. 6 para. 1 sentence 1 f) GDPR is necessary to protect our legitimate interests or the legitimate interests of a third party, provided that your interests in the protection of your data do not prevail.

4. If you send us e-mail messages or other messages, in particular comments, or enter them directly on the website, we will retain such messages to process the request, respond to questions and improve the website, products and services. We delete the data arising in this context after the storage is no longer necessary or limit the processing if statutory retention obligations exist.

5. You have the right to request information about your personal data free of charge at any time. Furthermore, you have the right at any time to revoke your consent to the use of your personal data with effect for the future and to request correction or deletion of the data stored by us.
In particular, you have the following rights towards us with regard to personal data concerning you:
• Right to information,
• Right to correction or deletion,
• Right to limitation of processing,
• Right of opposition to the processing,
• Right to data transferability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data. You have the following individual rights:
a. Right to information pursuant to Art. 15 GDPR on the processing of your personal data by us for processing purposes, categories of processed data, recipients or categories of recipients, duration of storage or criteria for determining the duration, right to correction, deletion, restriction of processing or objection to processing, right of appeal to the supervisory authority, information on the origin of the data if applicable and the existence of automated decision-making and, if applicable, information on guarantees pursuant to Art. 46 GDPR in the event of transfer to a third country or international organisations;
b. Right to immediate correction of incorrect or incomplete personal data in accordance with Art. 16 GDPR;
c. Right to erasure of stored personal data in accordance with Article 17 of the GDPR, if the data are no longer necessary for the purposes for which they were collected or otherwise processed, if a consent granted has been revoked and there is no other legal basis, if objection to processing has been lodged and the data have been processed in accordance with Article 17 of the GDPR. 21 para. 1 or 2 GDPR may no longer be processed if the data were processed unlawfully, if deletion is necessary to fulfil a legal obligation or if the data were collected in relation to information society services offered in accordance with Art. 8 para. 1 GDPR. This does not apply if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
d. Right to restrict processing in accordance with Article 18 GDPR if you dispute the accuracy of the data (for the period necessary to verify their accuracy), if the processing is unlawful but you refuse to have it deleted and instead request a restriction on its use, if we no longer need the data for the purposes of processing but you need the data to assert, exercise or defend legal claims, or if you object to the processing in accordance with Article 18 GDPR. 21 para. 1 GDPR, as long as it is not yet clear whether our justified reasons outweigh your justified reasons;
e. Right to object to the processing of your personal data pursuant to Art. 21 para. 2 GDPR (if the data are processed for direct marketing purposes) or pursuant to Art. 21 para. 1 GDPR (if the processing is carried out pursuant to Art. 6 para. 1 sentence 1 e) or f) GDPR, for reasons arising from your particular situation, unless we have compelling grounds for processing which outweigh your interests or the processing serves to assert, exercise or defend legal claims);
f. Right to data transferability pursuant to Art. 20 GDPR, i.e. to receive the personal data concerning you that you have provided to us in a structured, current and machine-readable format or to transfer it to another person responsible;
g. Right to revoke consent granted at any time pursuant to Art. 7 para. 3 GDPR. The consequence of the revocation is that from the time of the revocation we may no longer carry out the data processing for the future;
h. Right of appeal to a supervisory authority pursuant to Art. 77 GDPR. The right of appeal is without prejudice to other administrative or judicial remedies.
The address of the supervisory authority responsible for us is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
27 Promenade, 91522 Ansbach
https://www.lda.bayern.de/de/kontakt.html
i. To provide information and for revocation as well as to notify a request for deletion, please contact the data protection officer, who will then immediately provide the information or confirm the execution of your request for deletion under the contact data specified in section 2 above. A deletion requested by you will then be carried out subject to statutory retention obligations. If a deletion – due to legal storage obligations – cannot take place completely, we limit the processing and inform you accordingly.

6. Data you provide to us as a user:

a. If you contact us via our website (by e-mail or via the contact options provided there), request an offer for a service from our company or such a service is carried out, this requires the provision of various personal data. The required basic data is determined by the type of contact or the pre-contractual or contractual legal relationship and is only collected, transmitted, processed and stored and used by us within the scope of the respective purpose. In the context of such communication we are also entitled to inform you about changes, additions or new versions of the website as well as about changes of our general terms and conditions and this data protection conditions and about other information made available via the website as well as e.g. about new service offers, as far as these are comparable with the services requested by you.
b. If you wish to receive services from us, it is necessary for the conclusion of the contract that you provide us with the personal data we require to provide the services. Required information for the execution of the contracts are marked separately, further information is voluntary. We process the data provided by you for the execution of the contract. For this purpose, we may, for example, pass on the payment data provided to our payment service provider and the names of the participants, in particular to agencies and service providers, whose services we use to fulfil the contract. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR. If you are the organiser of an event for several people, you must ensure that the participants are informed of the above.
c. Due to commercial, tax and other legal requirements, we are obliged to store various contract-relevant data, including your name and address, for a certain period (for tax-relevant data, for example, for a period of ten years). However, after two years we will restrict processing, i.e. this data will only be used to comply with legal obligations.
d. If you register as a user for the use of a newsletter, this registration can take place under indication of the e-mail address without further data. Additional information is not requested.
We use the double opt-in procedure for sending the newsletter. As part of this process, we first send the user an e-mail to the specified e-mail address. However, the user will not receive a newsletter by e-mail until the user clicks on the link received in the e-mail and has expressly confirmed to us that we should activate the newsletter service. After your confirmation we save your e-mail address exclusively for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are evaluated by us. For evaluation purposes, we link the above data and web beacons to your e-mail address and an individual ID. You can object to this tracking at any time by clicking on the separate link provided in each e-mail or by informing us of another contact method. The information is stored for as long as you have subscribed to the newsletter. After a cancellation we store the data purely statistically and anonymously.
If at any time you no longer wish to receive newsletters from us, you can object to the newsletter subscription at any time without incurring any costs other than the transmission costs according to the basic rates. A message in text form to the contact data specified in the imprint is sufficient for this. Of course, you will also find a unsubscribe link in every newsletter.
e. The data created by users within the framework of using the website via an enquiry or within the framework of providing services or registering for a newsletter is stored on servers operated in our name. However, the server operators are subject to the same data protection standards as we are and are operated in the European Union.

7. Data collected directly in the context of the use of the website:

a. For purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis is Art. 6 Para. 1 S. 1 lit. f GDPR):

• IP address (stored shortened in accordance with data protection regulations)
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access Status/HTTP Status Code
• the amount of data transferred in each case
• Website from which the request comes
• Browser name and version, language setting
• Operating system and its version

b. When you visit our website and when using the services offered via the website, the server sends one or more cookies – small files containing a string of characters – to the user’s computer or other data processing unit, which uniquely identifies the browser. We use cookies to improve the quality of the website, including to store usage preferences and track user trends.

Cookies can be used in the following form:

• Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
• Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
• Third-party cookies are cookies that are set by third parties and can be either transient or persistent cookies.

c. You can set your browser to notify you when a cookie is sent. This opens up the possibility of either accepting or rejecting a cookie. The information collected and analyzed is used to improve the service and the website, to personalize the web experience, and to allow easy login to permanently set login cookies.
d. We may use the services of third parties when evaluating cookies to assess the efficiency of the website and services and how visitors use the website and or the services and to provide a personalized user experience where appropriate. The website may use web beacons (tracking pixels) and cookies provided by third parties for this purpose. The information collected by the provider includes the pages visited, navigation patterns and similar data. This data enables us to find out which product information is most interesting for users and which offers users prefer to view. Furthermore, we do not exclude the possibility that we transmit anonymous usage data for market research purposes. Although we may have commissioned third parties to log the data originating from our website, we have control over how this data may or may not be used. The cookie itself does not contain any personal data, but if you provide personal data when visiting the website and do not delete the cookie from your browser after providing this data, the provider collects the non-personal data stored in the cookie (such as the number of visits to the provider) and stores and processes this anonymously.
e. If we use Flash cookies, these are not collected by your browser, but by your Flash plug-in. We also use HTML5 storage objects that are stored on your mobile device. These objects store the required data independently of your browser and do not have an automatic expiry date. If you do not wish the Flash cookies to be processed, you must install an appropriate add-on, e.g. “Better Privacy” for Mozilla Firefox (https://addons.mozilla.org/de/firefox/addon/betterprivacy/) or the Adobe Flash killer cookie for Google Chrome. You can prevent the use of HTML5 storage objects by using private mode in your browser. We also recommend that you regularly delete your cookies and your browser history manually.

8. data collected in the context of the use of the website by analysis tools (WebAnalytics) used by us or by other services:

a. We use Google Analytics to analyse and regularly improve the use of our website. We can improve our offer and make it more interesting for you as a user. Google Analytics is a web analysis service of Google Inc. (“Google”), which uses cookies to analyse your use of the website.
The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, by activating IP anonymisation on this website, Google will previously reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. However, should personal data be transferred to the USA in an exceptional case, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Par. 1 S. 1 lit. f GDPR.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
Third-party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Use: http://www.google.com/analytics/terms/de.html, Privacy Policy: http://www.google.com/intl/de/analytics/learn/privacy.html, and Privacy Policy: http://www.google.de/intl/de/policies/privacy.

b. This site uses so-called web fonts provided by Google to uniformly display fonts. When you call up a page, your browser loads the required Web fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
If your browser does not support web fonts, a default font is used by your computer.
Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://www.google.com/policies/privacy/