Welcome to our website! We attach great importance to protecting your data and safeguarding your privacy. We would like to explain below what data we process, when, for what purpose and on what legal basis. The aim is to explain how our services work and how the protection of your personal data is guaranteed.
“Personal data” means any information relating to an identified or identifiable natural person in accordance with Art. 4 No. 1 GDPR. An identifiable natural person is one who can be identified directly or indirectly. Further information on this can be found in Art. 4 No. 1 GDPR.
“Processing” of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
In addition, reference is made to the definitions in Art. 4 GDPR.
This privacy policy describes:
The controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data is
Lavation – The gentle way
Sandra and Jochen Lutz
Rinnener Sträßle 95
74523 Schwäbisch Hall
Telephone number: 0791 4072488
Fax number: 0791 4072499
Log files
Our website is hosted by the provider IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter “IONOS”) on our behalf (order processing) in a data center in Europe. Details can be found in the IONOS privacy policy: https://www.ionos.de/terms-gtc/terms-privacy.
Each time you visit our website, we automatically collect data and information from your device’s system and store it in so-called server log files. This data is information that relates to an identified or identifiable natural person (here: website visitor). The data is automatically transmitted by your browser when you visit our website. This includes the following information:
The purpose of this processing is to make our website accessible from your end device and to enable our website to be displayed correctly on your end device or in your browser. Furthermore, we use the data to ensure the proper operation of the website and to ensure the security of our systems.
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The data in log files is generally stored by us for a maximum of 30 days and then deleted. The storage serves to ensure the security of our systems.
The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in presenting you with a website optimized for your browser, in enabling communication between our server and your end device and in defending against and prosecuting illegal attacks. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person.
Our website partly uses so-called cookies. These are text files that are stored on your device to make the use of a website more convenient. Cookies can be used to store entries and settings on a website so that you do not have to re-enter them each time you visit a website. Cookies contain a so-called cookie ID, which makes it possible to assign the device on which the cookie was stored.
In general, the following cookies may be used on the website:
These cookies are necessary for the functioning of the website. Generally, these cookies are only used in response to a service request, such as setting your privacy preferences, logging in or filling in forms. You can set your browser so that these cookies are blocked or so that you are informed about these cookies. However, some areas of the website may not function properly.
The legal basis for the processing of these cookies is Art. 6 para. 1 lit. f) GDPR and § 25 para. 2 TTDSG. Our legitimate interest follows from our intention to ensure the secure, fast and efficient provision of our website as well as the defense against and prosecution of illegal attacks.
These cookies can be set via our website. They may be used by our marketing partners to build a profile of your interests and show you relevant advertising on other websites. If you do not allow these cookies, you will be shown less targeted advertising.
The legal basis for the processing of these cookies is your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG, which you have given us through your selection in the cookie banner.
You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
In detail, we use the cookies listed in this privacy policy, depending on the cookie settings you have made in the cookie banner. By default, only the strictly necessary cookies are activated. If you do not want this either, you have the option of generally rejecting cookies in your browser. In this case, the functionality of the visited website may be impaired.
You can deactivate or delete such cookies in your browser settings. Please note that if you deactivate cookies, you may not be able to access all the functions of our website.
There are one or more contact forms on our website which you can use to contact us electronically. If you contact us via these contact forms, the data entered in the input fields will be processed by us. These are:
We store this data for as long as is necessary to answer and fulfill your request or until we receive a request from you to delete your personal data. Please note that if you ask us to delete your personal data, we may not be able to respond to and fulfill your request. Please also note that in some cases we need to send messages containing personal data in order to protect our rights.
The purpose of processing the personal data is to process the contact request and to be able to contact the inquirer to answer the request. The other personal data processed during the sending process is used to prevent misuse of our contact form.
The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR, insofar as your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other respects, the processing is based on your consent given with the request in accordance with Article 6 para. 1 lit. a) GDPR is based. By contacting us and providing us with personal data, you consent to the use of the personal data you provide. Consent may be withdrawn at any time without affecting the lawfulness of processing based on consent before its withdrawal. In the event that we need to store the transmitted data to protect our rights, the legal basis for the processing is still Article 6 para. 1 lit. f) GDPR.
We use the open source software Matomo to analyze and statistically evaluate website usage. Matomo is hosted on servers in Europe. This allows us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks).
We use IP anonymization for the analysis with Matomo. Your IP address is shortened before the analysis so that it can no longer be clearly assigned to you. We have also configured Matomo so that Matomo does not store any cookies in your browser.
Matomo is used exclusively on the basis of your prior consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
We use FAST from the operator Smarketer GmbH, Alte Jakobstraße 83/84, 10179 Berlin for the correct allocation of the success of an advertising medium. The data is automatically deleted after 90 days. There is no profiling. FAST uses a unique key that third parties cannot assign and therefore users cannot be traced. Personalized advertising is not possible with FAST.
FAST establishes a connection between a click on an advertising medium, e.g. a link to a website. an advertisement and a campaign, e.g. a purchase or a login or registration. The information transmitted to us serves the sole purpose of correctly allocating the success of an advertising medium and the corresponding billing.
FAST does not store any cookies or cookie-like data on your end device. FAST collects information about the surfing behavior of Internet users, but does not collect or use any personal data. There is also no storage of users’ IP addresses.
When generating the device fingerprint, only non-personal parameters are combined (browser settings, time zone, CPU class, color depth, browser language, etc.).
In the case of a promotion, the order number and the shopping cart value of the order are usually also transmitted and stored by us for 90 days. Personal data such as name, telephone number or address are expressly not recorded or stored.
In addition, the following values can be transmitted, whereby these are exclusively non-personal, generic data:
The device fingerprint is processed on the server of the respective customer. If integration takes place via Google Tag Manager, then device fingerprint processing takes place via the Smarketer Host Europe server in Strasbourg.
Thanks to high security standards, such as an HTTPS connection, the conversion data is sent to our HOST Europe server located in Strasbourg. The transfer of the export file and the processing of the data (ClickID, conversion name, timestamp, order value, currency) takes place on a US server in accordance with Google Ads / Microsoft Ads.
The software is set so that no profiling takes place.
The information transmitted to us serves the sole purpose of correctly allocating the success of an advertising medium and the corresponding billing. If, contrary to the provider’s instructions, personal data were to be processed in connection with FAST, this would be in our legitimate interest in accordance with Art. 6 para. 1 lit. a GDPR. 1 lit. f) GDPR is justified.
The data of the processing described here is automatically deleted after a maximum storage period of 90 days.
You can prevent tracking by deactivating FAST Tracking via an opt-out link on the respective page.
We use Google Ads on our website. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms in Google (keyword targeting). Furthermore, targeted advertisements can be displayed based on the user data available at Google (e.g. location data and interests) (target group targeting). As website operators, we can evaluate this data quantitatively by analyzing, for example, which search terms led to the display of our advertisements and how many advertisements led to corresponding clicks.
The use of this service is based on your consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. The data transfer to the USA is based on the Data Privacy Framework (adequacy decision) concluded between the EU and the USA. The company is certified in accordance with the Data Privacy Framework. The Data Privacy Framework is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified in accordance with the Data Privacy Framework undertakes to comply with these data protection standards.
Subsequently, the transfer of data to the USA in connection with Google Maps can also be based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
This website uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. We have no influence on this data transmission.
If Google Maps is activated, Google may use Google Web Fonts for the purpose of uniform display of fonts. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
Google Maps is embedded in the so-called “2-click solution”. This means that no data about you as a user will be transmitted to Google if you do not activate the Google Maps function or do not give your prior consent. Before Google Maps is activated, only a preview image loaded from our own web server is displayed.
The use of Google Maps is based on your prior consent in accordance with Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.
Data transfer to the USA is based on the Data Privacy Framework concluded between the EU and the USA. Subsequently, the transfer of data to the USA in connection with Google Maps can also be based on the standard contractual clauses of the EU Commission. Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
You can find more information on the handling of user data in Google’s privacy policy:
https://policies.google.com/privacy?hl=de.
Your personal data will only be passed on to third parties to the extent described in this privacy policy.
Your personal data will only be transferred to third parties for purposes other than those mentioned above in the following individual cases:
Unless explicitly stated otherwise in this privacy policy, personal data will not be transferred to third countries outside the European Union.
Unless a more specific storage period is provided for in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion will take place after these reasons no longer apply.
Automated decision-making does not take place on our website.
There is no contractual or legal obligation to provide your personal data. Please note that if you do not provide the personal data we require, we may not be able to provide all the functions of this website.
You have the following rights under the GDPR:
Exercising these rights is free of charge for you, but you are obliged to provide proof of your identity.
To make inquiries to us or to exercise any of your rights set out in this Privacy Policy and/or to lodge a complaint, please contact us by email or letter and we will endeavor to respond within 30 days. Contact details can be found at the beginning of this privacy policy.
You have the right to lodge a complaint with us (see contact details above) or with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. Alternatively, you can contact the supervisory authority responsible for us named below.
If we receive formal written complaints, we will contact the person who made the complaint to investigate the complaint. We will work with the relevant authorities, including our local data protection authority, to resolve any complaints that we are unable to resolve directly.
The local supervisory authority responsible for us is:
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Königstrasse 10 a
70173 Stuttgart