PRIVACY POLICY

This privacy policy explains the processing of personal data of customers by Herosan Healthcare GmbH (hereinafter “HEROSAN”). The processing is carried out in particular for the fulfilment of the contractual relationship with the customer as well as on the basis of other reasons, which are detailed below.

All data is processed automatically in accordance with the statutory provisions and on the basis of the General Data Protection Regulation (GDPR). All personal data is only accessed by persons who are authorised by HEROSAN and have the right to know this data as part of their duties.

1. Registration

1.1 Categories and types of data

The customer has the option of registering in the customer portal via the user interface. HEROSAN first processes the personal data that the customer has provided to HEROSAN itself in the course of registering in the customer portal. These include:

Name (including previous names),
Date of birth,
Residential address,
Bank details,
Telephone and fax numbers, and other information necessary for addressing, which is obtained through modern communication techniques,
Username,
Password,
E-mail address

On the other hand, HEROSAN processes data that accrue due to the performance of the contract. These include:

Pet species,
ordered products,
Order date,
Invoice amount,
Date and time of payment,
Confirmation or rejection of the execution of the payment,
Access times,
Access and order rates,
differing invoice/delivery address,
Enquiries or complaints to the customer support

1.2 Userlike

HEROSAN healthcare gmbh uses chat software from Userlike UG (haftungsbeschränkt), Probsteigasse 44-46, 50670 Cologne, Germany. You can use the chat like a contact form to chat with our staff in near real time. When starting the chat, the following personal data is collected:

Date and time of the call,
Browser type/version,
IP address,
Operating system used,
URL of the previously visited website,
Amount of data sent.
And if indicated: First name, last name, and email address.

Depending on the course of the conversation with our staff, further personal data may be entered by you during the chat. The nature of this data depends largely on your enquiry or the problem you are describing to us. The purpose of processing all of this data is to provide you with a fast and efficient means of contacting us and thus to improve our customer service.

All our staff have been and will be trained on data protection and how to handle customer data safely and confidentially. All our employees are bound to confidentiality and have signed an addendum in their employee contracts to the obligation to maintain confidentiality and to observe data protection.

By calling up the website www.herosan.eu, the chat widget is loaded in the form of a JavaScript file from AWS Cloudfront. The chat widget technically represents the source code that runs on your computer and enables the chat.

In addition, HEROSAN healthcare stores the chat history for a period of 24 months. This serves the purpose of sparing you extensive explanations about the history of your enquiry under certain circumstances as well as for the constant quality control of our chat offer. The processing is therefore permitted in accordance with Art. 6 Para. 1 Letter f GDPR. If you do not wish this, you are welcome to inform us of this using the contact details below. Stored chats will then be deleted by us immediately.

The storage of chat data also serves the purpose of ensuring the security of our information technology systems. The storage of chat data also serves the purpose of ensuring the security of our information technology systems. This is also our legitimate interest, which is why the processing is permissible under Art. 6 (1) f DSGVO.

Further information can be found in the data protection provisions of Userlike UG(haftungsbeschränkt).

1.3 Uses

The processing and transmission of the personal data is carried out, on the one hand, for the performance of the contract with the customer, in particular for the processing and delivery of all orders of the customer, as well as, if necessary, for the enforcement of legal claims arising from such a contract. On the other hand, the processing and transmission of the personal data of the customer is carried out for the purpose of determining the remuneration to which the partner of the customer is entitled for the order of its customers via its user platform. However, the personal data is also processed on the basis of legal obligations of HEROSAN, e.g. to comply with tax and commercial law retention obligations. Finally, personal data is processed for marketing purposes, in particular sending information about HEROSAN, newsletters, offers for the products, vouchers and other advertising materials.

If the aforementioned personal data is not provided, HEROSAN will not be able to collect it and may subsequently not be able to achieve the individual purposes described. For example, an order cannot be carried out.

The processing and transmission of the data takes place

on the basis of the customer’s consent (Art 6 para 1 lit a GDPR),

Customer’s right to revoke consent You can revoke your consent at any time for the future. The processing of your personal data that was lawful until the revocation remains unaffected. The revocation can be made form-free, e.g. by e-mail to info@herosan.at or by sending a message to the contact person indicated under point 3.

on the basis of (pre-)contractual obligations (Art 6 para 1 lit b GDPR),
on the basis of a legal obligation of HEROSAN (Art 6 para 1 lit c GDPR),
and on the basis of a legitimate interest on the part of HEROSAN or a third party (the respective partner) (Art 6 para 1 lit f GDPR).

Customer’s right to object to processing According to Art. 21 (1) GDPR, you have the right to object at any time to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) sentence 1 lit. f) GDPR (data processing for the protection of legitimate interests). If you object, your personal data will no longer be processed for the purposes covered by the objection, unless

compelling legitimate grounds can be demonstrated which override the interests, rights and freedoms of the data subject,
or the processing serves the assertion, exercise or defence of legal claims. Insofar as the objection is also or only directed against data processing for direct marketing, your personal data will no longer be processed for this purpose.

The objection can be made form-free, e.g. by e-mail to info@herosan.at or by sending a message to the contact person indicated under point 3.

HEROSAN does not use fully automated decision-making within the meaning of Art. 22 GDPR to justify and execute the contract.

1.4 Recipients

The recipients of this data include:

the respective partner of the customer,
payment institutions,
delivery companies,
IT service providers.

If and to the extent that the recipients of the personal data process it on behalf of HEROSAN, they will act as so-called order processors only in accordance with HEROSAN’s instructions and are contractually obliged to comply with the applicable data protection requirements vis-à-vis HEROSAN.

In order to be able to offer you Klarna’s payment methods, we may pass on your personal data to Klarna at the checkout in the form of contact and order data so that Klarna can assess whether you qualify for the payment methods and so that these payment methods can be tailored to you.

Your submitted personal data will be processed in accordance with Klarna’s own privacy policy.

Data is only transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of the orders or the fulfilment of the contract, is required by law (e.g. reporting obligations under tax law) or consent has been given.

1.4 Period of storage

The above-mentioned data will be stored until the deletion of the user profile or, beyond that, as long as legal retention periods exist or as long as legal claims can be asserted from the contractual relationship.

These periods can run for up to 30 years (e.g.: statute of limitations).

2. Cookies

HEROSAN also uses cookies and other technologies to make the website and apps more personal, clearer and safer for users, to enable the use of certain functions or to carry out certain statistical analyses.

Cookies are small files that are assigned to and stored on the customer’s end device, the browser used by him or her or the respective app, and through which certain information flows to the body that sets the cookie. Cookies can contain certain (personal) data (e.g. IP address, settings of the operating system/end device, website from which the file was accessed, name of the file or date and time of the access).

The customer can restrict or prohibit the setting of cookies in the settings of his browser. However, in individual cases this can lead to the website and apps not being able to be used to their full extent. HEROSAN accepts no liability for external content.

The following types of cookies can be used when visiting the website:

Name	Duration	Purpose	Supervior
PHPSESSID	Deleted as soon as your browser session expires or you close the browser.	This cookie is used to technically identify the user in order to keep the session experience constant. This is also necessary to be able to log in to the website.	shop.herosan.at
XSRF-TOKEN	1 Year	Ensures browsing security for visitors by preventing cross-site request forgery. This cookie is essential for the security of the website and the visitor.	shop.herosan.at
cookieconsent_status	1 Year	Stores the user's consent status for cookies on the current domain.	shop.herosan.at
laravel_session	Deleted once your browser session expires or you close the browser.	This cookie is used internally by the website owners when content is uploaded or renewed on the website.	shop.herosan.at
kundenmeister	Persistent (52 years)	We use cookies from KundenMeister to enable the connection between our website and our inventory management / CRM system.	www.kundenmeister.com
kmcsrfcookie	1 Jahr	We use cookies from KundenMeister to be able to validate the forms on our website.	www.kundenmeister.com

3. Data subject rights

In addition to the right to information, the customer also has the right to correction, deletion, restriction, objection and data transferability with regard to his personal data. The customer is only entitled to the right of deletion insofar as this is not opposed by legitimate interests on the part of HEROSAN and there are no legal obligations to retain data. In addition, the customer has the option of lodging a complaint with the data protection authority.

4. Contact

HEROSAN healthcare gmbh
Paula-Neuroth-Straße 1
8403 Lebring

info@herosan.eu

+43 720 500205
+43 720 500205-20