Privacy Policy

Introduction and Overview

We have drafted this Privacy Policy (version 08.04.2025-112975231) to explain to you which personal data (hereinafter referred to as “data”) we, as the data controller – and our contracted data processors (e.g. providers) – process, will process in the future, and what legal options you have in accordance with the General Data Protection Regulation (EU) 2016/679 and applicable national laws.

Scope of Application

This privacy policy applies to all personal data processed by us in our company and to all personal data processed by companies contracted by us (processors). By personal data, we mean information within the meaning of Article 4 No. 1 GDPR, such as a person’s name, email address, and postal address. The processing of personal data ensures that we can offer and bill our services and products, whether online or offline. The scope of this privacy policy includes:

  • All online presences (websites, online shops) that we operate
  • Social media presences and email communication
  • Mobile apps for smartphones and other devices

In short: The privacy policy applies to all areas in which personal data is processed in a structured manner within the company via the aforementioned channels. Should we enter into legal relationships with you outside of these channels, we will inform you separately if necessary.

Legal Bases

In the following privacy policy, we provide you with transparent information on the legal principles and regulations, i.e. the legal bases of the General Data Protection Regulation, which enable us to process personal data.

As far as EU law is concerned, we refer to REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016. You can of course access this EU General Data Protection Regulation online on EUR-Lex, the gateway to EU law, at https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=celex%3A32016R0679.

We process your data only if at least one of the following conditions applies:

  1. Consent (Article 6(1)(a) GDPR): You have given us your consent to process data for a specific purpose. An example would be the storage of data you entered in a contact form.
  2. Contract (Article 6(1)(b) GDPR): We process your data to fulfil a contract or pre-contractual obligations with you. For example, if we conclude a purchase contract with you, we need personal information in advance.
  3. Legal Obligation (Article 6(1)(c) GDPR): If we are subject to a legal obligation, we process your data. For example, we are legally obligated to keep invoices for accounting purposes. These usually contain personal data.
  4. Legitimate Interests (Article 6(1)(f) GDPR): In the case of legitimate interests that do not restrict your fundamental rights, we reserve the right to process personal data. For example, we must process certain data to operate our website securely and economically efficiently. This processing is therefore a legitimate interest.

Other conditions such as the performance of recordings in the public interest and exercise of official authority as well as the protection of vital interests generally do not apply to us. Should such a legal basis be relevant, it will be indicated at the appropriate place.

In addition to the EU regulations, national laws also apply:

  • In Austria, this is the Federal Act on the Protection of Natural Persons with regard to the Processing of Personal Data (Data Protection Act), or DSG for short.
  • In Germany, the Federal Data Protection Act, or BDSG for short, applies.

If other regional or national laws apply, we will inform you about them in the following sections.

Contact Details of the Data Controller

If you have questions about data protection or the processing of personal data, you will find the contact details of the responsible party according to Article 4(7) of the EU General Data Protection Regulation (GDPR) below:

Sun Plant Pure GmbH – Sonnenkräuter
Dr. Nastaran Schahbazian
Matteottiplatz 2/25/11
1160 Vienna

Authorised representative: Dr. Nastaran Schahbazian

Email: info@sunplantpure.com

Telephone: +43 664 8974917

Imprint: https://www.sunplantpure.com/impressum/

Storage Duration

As a general criterion, we only store personal data for as long as absolutely necessary for the provision of our services and products. This means that we delete personal data as soon as the reason for the data processing no longer exists. In some cases, we are legally obligated to store certain data even after the original purpose has ceased to exist, for example for accounting purposes.

Should you request the deletion of your data or revoke your consent to data processing, the data will be deleted as quickly as possible and unless there is an obligation to store it.

We will inform you below about the specific duration of the respective data processing if we have further information on this.

Rights under the General Data Protection Regulation

In accordance with Articles 13 and 14 GDPR, we inform you about the following rights to which you are entitled to ensure fair and transparent processing of data:

  • According to Article 15 GDPR, you have the right to information about whether we process data about you. If this is the case, you have the right to receive a copy of the data and to know the following information:
    • for what purpose we are conducting the processing;
    • the categories, i.e. the types of data, that are processed;
    • who receives this data and if the data is transferred to third countries, how security can be guaranteed;
    • how long the data will be stored;
    • the existence of the right to rectification, deletion, or restriction of processing and the right to object to processing;
    • that you can lodge a complaint with a supervisory authority (links to these authorities can be found below);
    • the origin of the data if we did not collect it from you;
    • whether profiling is carried out, i.e. whether data is automatically evaluated to arrive at a personal profile of you.
  • According to Article 16 GDPR, you have the right to rectification of data, which means that we must correct data if you find errors.
  • According to Article 17 GDPR, you have the right to erasure (“right to be forgotten”), which specifically means that you can request the deletion of your data.
  • According to Article 18 GDPR, you have the right to restriction of processing, which means that we may only store the data but not use it further.
  • According to Article 20 GDPR, you have the right to data portability, which means that upon request, we will provide you with your data in a common format.
  • According to Article 21 GDPR, you have the right to object, which, after implementation, brings about a change in processing.

If the processing of your data is based on Article 6(1)(e) (public interest, exercise of official authority) or Article 6(1)(f) (legitimate interest), you can object to the processing. We will then check as quickly as possible whether we can legally comply with this objection.

If data is used to conduct direct advertising, you can object to this type of data processing at any time. We may no longer use your data for direct marketing after this.

If data is used to conduct profiling, you can object to this type of data processing at any time. We may no longer use your data for profiling after this.

  • According to Article 22 GDPR, you may have the right not to be subject to a decision based solely on automated processing (such as profiling).
  • According to Article 77 GDPR, you have the right to lodge a complaint. This means that you can complain to the data protection authority at any time if you believe that the processing of personal data violates the GDPR.

In short: You have rights – do not hesitate to contact the responsible party listed above!

If you believe that the processing of your data violates data protection law or your data protection claims have been violated in any other way, you can complain to the supervisory authority. For Austria, this is the Austrian Data Protection Authority, whose website you can find at https://www.dsb.gv.at/. In Germany, there is a data protection officer for each federal state. For more information, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI). The following local data protection authority is responsible for our company:

Communication

Communication Summary

  • Data subjects: All those who communicate with us by telephone, email, or online form
  • Data processed: e.g. telephone number, name, email address, entered form data. More details can be found under the respective type of contact
  • Purpose: Handling of communication with customers, business partners, etc.
  • Storage duration: Duration of the business case and the legal requirements
  • Legal bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(b) GDPR (Contract), Art. 6(1)(f) GDPR (Legitimate Interests)

When you contact us and communicate via telephone, email, or online form, personal data may be processed.

The data is processed for the handling and processing of your inquiry and the related business transaction. The data is stored for as long as specified or as long as required by law.

Data Subjects

All those who seek contact with us through the communication channels we provide are affected by the aforementioned processes.

Telephone

If you call us, the call data is pseudonymised and stored on the respective end device and by the telecommunications provider used. In addition, data such as name and telephone number may subsequently be sent by email and stored for answering inquiries. The data is deleted as soon as the business case has been completed and legal requirements permit.

Email

If you communicate with us by email, data may be stored on the respective end device (computer, laptop, smartphone, etc.) and data is stored on the email server. The data is deleted as soon as the business case has been completed and legal requirements permit.

Legal Bases

The processing of the data is based on the following legal grounds:

  • Art. 6(1)(a) GDPR (Consent): You give us consent to store your data and continue to use it for purposes related to the business case;
  • Art. 6(1)(b) GDPR (Contract): There is a need for the performance of a contract with you or a processor such as a telephone provider, or we need to process the data for pre-contractual activities, such as the preparation of an offer;
  • Art. 6(1)(f) GDPR (Legitimate Interests): We want to conduct customer inquiries and business communication in a professional manner. Certain technical facilities such as email programs, Exchange servers, and mobile network operators are necessary to operate communication efficiently.

Cookies

Cookies Summary

  • Data subjects: Visitors to the website
  • Purpose: dependent on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.
  • Data processed: Dependent on the cookie used. More details can be found below or from the manufacturer of the software that sets the cookie.
  • Storage duration: dependent on the respective cookie, can vary from hours to years
  • Legal bases: Art. 6(1)(a) GDPR (Consent), Art. 6(1)(f) GDPR (Legitimate Interests)

What are Cookies?

Our website uses HTTP cookies to store user-specific data. Below we explain what cookies are and why they are used, so that you can better understand the following privacy policy.

Whenever you browse the internet, you use a browser. Well-known browsers include Chrome, Safari, Firefox, Internet Explorer, and Microsoft Edge. Most websites store small text files in your browser. These files are called cookies.

One thing cannot be denied: Cookies are really useful little helpers. Almost all websites use cookies. More specifically, they are HTTP cookies, as there are also other cookies for other applications. HTTP cookies are small files that are stored on your computer by our website. These cookie files are automatically placed in the cookie folder, which is essentially the “brain” of your browser. A cookie consists of a name and a value. When defining a cookie, one or more attributes must also be specified.

Cookies store certain user data about you, such as language or personal page settings. When you visit our site again, your browser sends the “user-related” information back to our site. Thanks to cookies, our website knows who you are and offers you the settings you are used to. In some browsers, each cookie has its own file, in others, such as Firefox, all cookies are stored in a single file.

There are both first-party cookies and third-party cookies. First-party cookies are created directly by our site, while third-party cookies are created by partner websites (e.g. Google Analytics). Each cookie must be evaluated individually, as each cookie stores different data. The expiry time of a cookie also varies from a few minutes to several years. Cookies are not software programs and do not contain viruses, Trojans, or other “pests”. Cookies also cannot access information on your PC.

For example, cookie data can look like this:

Name: _ga
Value: GA1.2.1326744211.152112975231-9
Purpose: Differentiation of website visitors
Expiry date: after 2 years

A browser should be able to support these minimum sizes:

  • At least 4096 bytes per cookie
  • At least 50 cookies per domain
  • At least 3000 cookies in total

What Types of Cookies Are There?

The question of which cookies we use in particular depends on the services used and is clarified in the following sections of the privacy policy. At this point, we would like to briefly discuss the different types of HTTP cookies.

There are 4 types of cookies:

Essential Cookies
These cookies are necessary to ensure basic functions of the website. For example, these cookies are needed when a user puts a product in the shopping cart, then continues surfing on other pages, and only goes to checkout later. These cookies do not delete the shopping cart, even if the user closes their browser window.

Functional Cookies
These cookies collect information about user behaviour and whether the user receives any error messages. In addition, these cookies are used to measure the loading time and the behaviour of the website with different browsers.

Targeting Cookies
These cookies ensure better user experience. For example, entered locations, font sizes, or form data are stored.

Advertising Cookies
These cookies are also called targeting cookies. They are used to deliver customised advertising to the user. This can be very useful, but also very annoying.

Usually, when you visit a website for the first time, you are asked which of these types of cookies you want to allow. And of course, this decision is also stored in a cookie.

If you want to know more about cookies and are not afraid of technical documentation, we recommend https://datatracker.ietf.org/doc/html/rfc6265, the Request for Comments of the Internet Engineering Task Force (IETF) called “HTTP State Management Mechanism”.

Purpose of Processing via Cookies

The purpose ultimately depends on the respective cookie. More details can be found below or from the manufacturer of the software that sets the cookie.

What Data is Processed?

Cookies are little helpers for many different tasks. Unfortunately, it is not possible to generalise which data is stored in cookies, but we will inform you about the processed or stored data in the context of the following privacy policy.

Storage Duration of Cookies

The storage duration depends on the respective cookie and is specified further below. Some cookies are deleted after less than an hour, others can remain stored on a computer for several years.

You also have influence on the storage duration yourself. You can manually delete all cookies at any time via your browser (see also “Right to Object” below). Furthermore, cookies that are based on consent will be deleted at the latest after you withdraw your consent, whereby the lawfulness of storage until then remains unaffected.

Right to Object – How Can I Delete Cookies?

You decide for yourself how and whether you want to use cookies. Regardless of which service or website the cookies come from, you always have the option to delete, deactivate, or only partially allow cookies. For example, you can block third-party cookies but allow all other cookies.

If you want to determine which cookies have been stored in your browser, if you want to change or delete cookie settings, you can find this in your browser settings:

Chrome: Delete, enable, and manage cookies in Chrome

Safari: Managing cookies and website data with Safari

Firefox: Delete cookies to remove data that websites have placed on your computer

Internet Explorer: Delete and manage cookies

Microsoft Edge: Delete and manage cookies

If you generally do not want cookies, you can set up your browser to notify you whenever a cookie is about to be set. This way, you can decide whether to accept or reject each individual cookie. The procedure varies depending on the browser. It’s best to search for the instructions in Google with the search term “delete cookies Chrome” or “disable cookies Chrome” in the case of a Chrome browser.

Legal Basis

Since 2009, there are the so-called “cookie guidelines”. These state that the storage of cookies requires your consent (Article 6(1)(a) GDPR). Within EU countries, however, there are still very different reactions to these guidelines. In Austria, however, this directive was implemented in § 165 para. 3 of the Telecommunications Act (2021). In Germany, the cookie guidelines were not implemented as national law. Instead, the implementation of this directive was largely carried out in § 15 para. 3 of the Telemedia Act (TMG), which was replaced by the Digital Services Act (DDG) in May 2024.

For essential cookies, even without consent, there are legitimate interests (Article 6(1)(f) GDPR), which in most cases are of an economic nature. We want to provide website visitors with a pleasant user experience, and for this certain cookies are often absolutely necessary.

Where non-essential cookies are used, this is only done in the case of your consent. The legal basis in this respect is Art. 6(1)(a) GDPR.

In the following sections, you will be informed in more detail about the use of cookies, if the software used uses cookies.

Webhosting

Webhosting Summary

  • Data subjects: Visitors to the website
  • Purpose: professional hosting of the website and security of operations
  • Data processed: IP address, time of website visit, browser used, and additional data. More details can be found below or from the respective web hosting provider.
  • Storage duration: dependent on the respective provider, but usually 2 weeks
  • Legal bases: Art. 6(1)(f) GDPR (Legitimate Interests)

What is Web Hosting?

When you visit websites today, certain information – including personal data – is automatically created and stored, including on this website. This data should be processed as sparingly as possible and only with good reason. By website, we mean, by the way, the entirety of all web pages on a domain, i.e. everything from the homepage to the very last subpage (like this one). By domain, we mean, for example, example.co.uk or examplemodel.com.

If you want to view a website on a computer, tablet, or smartphone, you use a program called a web browser. You probably know some web browsers by name: Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari. We simply call them browsers or web browsers.

To display the website, the browser must connect to another computer where the website’s code is stored: the web server. Operating a web server is a complicated and demanding task, which is why this is usually done by professional providers, the providers. These offer web hosting and thus ensure reliable and error-free storage of website data. A lot of technical terms, but please stay with us, it gets better!

When the browser on your computer (desktop, laptop, tablet, or smartphone) connects to the web server for data transfer, personal data may be processed. On the one hand, your computer stores data, on the other hand, the web server must also store data for a period of time to ensure proper operation.

Why Do We Process Personal Data?

The purposes of data processing are:

  • Professional hosting of the website and security of operations
  • To maintain operational and IT security
  • Anonymous evaluation of access behaviour to improve our offer and, if necessary, for prosecution or assertion of claims

What Data is Processed?

Even while you are visiting our website, our web server, which is the computer on which this website is stored, usually automatically stores data such as

  • the complete internet address (URL) of the accessed web page
  • browser and browser version (e.g. Chrome 87)
  • the operating system used (e.g. Windows 10)
  • the address (URL) of the previously visited page (referrer URL) (e.g. https://www.examplesourcesite.co.uk/whereicamefrom/)
  • the hostname and IP address of the device from which access is made (e.g. COMPUTERNAME and 194.23.43.121)
  • date and time
  • in files, the so-called web server log files

How Long is Data Stored?

As a rule, the above-mentioned data is stored for two weeks and then automatically deleted. We do not pass on this data, but we cannot rule out that this data may be viewed by authorities in the event of illegal behaviour.

In short: Your visit is logged by our provider (the company that runs our website on special computers (servers)), but we do not share your data without your consent!

Legal Basis

The lawfulness of processing personal data in the context of web hosting is derived from Art. 6(1)(f) GDPR (legitimate interests), as the use of professional hosting with a provider is necessary to present the company securely and user-friendly on the internet and to be able to pursue attacks and claims arising from it if necessary.

There is usually a contract between us and the hosting provider for order processing in accordance with Art. 28 f. GDPR, which ensures compliance with data protection and guarantees data security.

1&1 IONOS Web Hosting Privacy Policy

1&1 IONOS Web Hosting Privacy Policy Summary

  • Data subjects: Visitors to the website
  • Purpose: Website storage and accessibility on the internet
  • Data processed: IP address, but especially technical data
  • Storage duration: Visitor data is deleted after 8 weeks
  • Legal bases: Art. 6(1)(f) GDPR (Legitimate Interests)

What is 1&1 IONOS Web Hosting?

To host our website, we use the web hosting services of the company IONOS by 1&1. In Germany, 1&1 IONOS SE is located at Elgendorfer Str. 57 in 56410 Montabaur. In Austria, you can find 1&1 IONOS SE at Gumpendorfer Straße 142/PF 266 in 1060 Vienna.

IONOS offers the following services around web hosting: Domain, Website & Shop, Hosting & WordPress, Marketing, Email & Office, IONOS Cloud, and Server. With over 22 million domains, almost 9 million customer contracts, and 100,000 servers, IONOS is one of the biggest German market leaders in the web hosting sector.

As we already mentioned in our introductory words on the topic of web hosting, through hosting, data from you or your end device is also stored on the IONOS servers. Above all, your IP address, which is known to be personal data, is stored. Additionally, technical data such as the URL of our web page, name of the internet browser, or which operating system you use are stored.

Why Do We Use 1&1 IONOS Web Hosting?

IONOS was founded in Germany as early as 1988 and thus has over 30 years of experience. However, this does not mean that the company does not continuously develop in technological terms. This very combination of experience and innovation offers, in our view, a good basis for our website. After all, we want our website to function smoothly 24 hours a day and to ensure a high level of security. Since IONOS does not limit the monthly data traffic and provides plenty of storage space, our website remains powerful even with many visitors. We are very satisfied with the speed of the website, and the price-performance ratio currently meets our requirements.

What Data is Processed by 1&1 IONOS Web Hosting?

1&1 IONOS Web Hosting can also process personal data from you. When you visit our website, the following data from you or your computer is stored at IONOS:

  • the previously visited website (also called the referrer)
  • the requested website (in this case, our website)
  • browser type and browser version
  • your operating system and device type
  • time of page access
  • your IP address in anonymised form

The collected data is used to increase the security of the website, to detect possible errors, and to conduct anonymous statistical analyses. According to IONOS, the anonymised IP address is only used to determine the location of access.

How Long and Where is the Data Stored?

The data is stored on IONOS’s own servers. In principle, IONOS stores the data for as long as necessary to fulfil their obligations. Visitor data is stored for 8 weeks. However, it may also happen that data is stored longer, for example, to have evidence for possible legal disputes. Visitor data is not shared with third parties and is not transferred to a country outside the EU.

How Can I Delete My Data or Prevent Data Storage?

You have the right at any time to information, correction, deletion, and restriction of the processing of your personal data. You can also revoke your consent to the processing of data at any time.

If you generally want to deactivate, delete or manage cookies, you will find the corresponding links to the respective instructions for the most common browsers under the section “Cookies”.

Legal Basis

On our part, there is a legitimate interest in using IONOS to provide our online service. Professional hosting with a provider is necessary to present our company securely and user-friendly on the internet and to be able to pursue possible cyber attacks. The corresponding legal basis for this is Art. 6(1)(f) GDPR (Legitimate Interests).

You can find much more information about data protection at IONOS in the privacy policy at https://www.ionos.co.uk/terms-gtc/privacy-policy/. If you have any further questions about data protection, you can also contact the IONOS data protection team by email at datenschutz@ionos.de.

All texts are protected by copyright.

Source: Privacy Policy created with the Data Protection Generator for Austria by AdSimple in German and then translated into English