3. Purpose, legal basis and duration of the processing of personal data
(1) During the informational use of the website, the following data is collected by us: log data, such as the IP address currently used by your computer, date and time of the request, information about the browser you are using (description of type, language and version), the operating system of your computer, the pages you viewed, GMT time zone difference, access status/http status code, amount of data transferred in each case and the website from which the request originated. JORE Health GbR stores this data with its provider in a log file. The data is deleted immediately as soon as the purpose or legal basis for storage ceases to apply. The IP address is anonymized and deleted after 8 weeks. The legal basis for this data processing is our legitimate interest according to Art. 6 (1) f) GDPR to provide you with a functioning website.
(2) During the order processing we collect data in addition to the data mentioned in paragraph 3 (1): first name and surname, address, e-mail address, content of the ordered products, payment data. The legal basis for the processing is Art. 6 (1) b) GDPR, in order to process the fulfilment of the purchase of goods to be concluded with you. The data will be deleted, as far as they are used for accounting purposes, after 10 years or 6 years (§ 147 German Tax Code, § 257 German Commercial Code). In particular, if you select your desired product(s), place them in the shopping cart and call up the shopping cart to view the selection, we collect data in addition to the data mentioned in item 3 (1): Content of the ordered products. If you log in to your customer account, we collect the following data in addition to the data mentioned in section 3 (1): Customer name, e-mail, password . If you order as a guest, we collect the following data in addition to the data mentioned in section 3 (1): no more data. In the course of processing the order we collect in addition to the data mentioned in number 3 (1): Invoice and delivery information, i.e. first name and surname, invoice address, delivery address, e-mail, payment information]. You have the possibility to choose between different payment methods:
a. (6) It is possible to pay with the payment service Paypal. PayPal makes it possible to make online payments to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process is automatically transmitted to PayPal. In addition to the data mentioned in paragraph 3 (1), this is regularly the following: first name and surname, e-mail, payment amount, payee. The purpose of this transmission is the payment of the shopping cart as well as the identity and credit check. PayPal may also pass on your data to third parties if this is necessary to fulfill the contractual obligations. For this purpose Paypal has taken specific measures to ensure the protection of your personal data. In particular, if your personal data is transferred within companies affiliated with PayPal, the binding company rules approved by the relevant supervisory authorities apply. PayPal’s privacy policy can be viewed at: https://www.paypal.com/de/webapps/mpp/ua/privacy-full/ . The legal basis for data processing is Art. 6 para. 1 b) GDPR. b) DSGVO.
b. It is possible to make the payment by credit card. The processing is carried out by the payment service provider Stripe Payments, to whom we pass on the information you provide during the ordering process together with the information about your order (first name and surname, address, credit card number, verification number, invoice amount, currency and, if applicable, transaction number). Your data will be passed on for payment of the purchase price and for the purpose of payment processing with Stripe Payments. For more information about Stripe’s privacy policy please refer to the URL https://stripe.com/de/privacy#translation. Legal basis for the data processing is art. 6 para. 1 b) GDPR. (3) When using the protected customer area, the following data will be processed by us in addition to the data mentioned in item 3 (1): e-mail address. If product purchases are made, the following data will also be processed by us in addition to the data mentioned in number 3 (1): first name and surname, delivery and invoice address, e-mail address, content of the ordered products including purchase prices, payment data including the payment method used. The legal basis for this processing is the user relationship concluded with you in accordance with Art. 6 (1) b) GDPR. We process your personal data from the protected customer area as long as you have a customer profile with us. You can unsubscribe by sending us an e-mail to service@jire-health.de. From the receipt of the e-mail, we will delete your personal data concerning your user profile within fourteen (14) days. The data from the product purchases, as far as they are used for accounting purposes, will be deleted after 10 years or 6 years (§ 147 German Fiscal Code, § 257 German Commercial Code ).