Unless otherwise specified below, the provision of your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide your data. Failure to provide it will have no consequences. This only applies insofar as no other indication is given in the processing operations described below.

“Personal data” refers to all information relating to an identified or identifiable natural person.


Server Log Files

You can visit our website without providing any personal information.

Each time you access our website, usage data is transmitted to us or our web host/IT service provider by your internet browser and stored in log files (known as server log files). These stored data include, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred, and the requesting provider. Processing is carried out on the basis of Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in ensuring the smooth operation of our website and improving our offer.


Customer Account and Orders

Customer Account

When you open a customer account, we collect your personal data to the extent specified there. The processing serves to enhance your shopping experience and simplify order processing. The processing is based on Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us, without affecting the legality of the processing carried out based on the consent until withdrawal. Your customer account will then be deleted.

Collection, Processing, and Disclosure of Personal Data in Orders

When you place an order, we collect and process your personal data only to the extent necessary to fulfill and process your order and handle your inquiries. Providing the data is required for the conclusion of the contract. Failure to provide it means that no contract can be concluded. Processing is based on Art. 6 (1) lit. b GDPR and is necessary for the performance of a contract with you.

Your data will be passed on, for example, to the shipping companies and dropshipping providers you have selected, payment service providers, order processing service providers, and IT service providers. In all cases, we strictly comply with legal requirements. The scope of data transmission is limited to the minimum necessary.


Contact and Newsletter

Collection and Processing via Contact Form

When you use the contact form, we collect your personal data (name, email address, message text) only to the extent you provide. The data processing serves to establish contact. By submitting your message, you consent to the processing of the transmitted data. Processing is carried out based on Art. 6 (1) lit. a GDPR with your consent.

You can withdraw your consent at any time by notifying us, without affecting the legality of the processing carried out based on the consent until withdrawal. We use your email address only to process your inquiry. Your data will then be deleted, unless you have consented to further processing and use.

Use of Email Address for Newsletter

We use your email address independently of contract processing exclusively for our own advertising purposes to send newsletters, provided you have expressly agreed. Processing is based on Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the legality of processing carried out based on consent until withdrawal. You can unsubscribe from the newsletter at any time via the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the mailing list.


Shipping Service Providers

Disclosure of Email Address to Shipping Companies for Shipment Updates

We will pass on your email address to the shipping company as part of the contract processing, provided you have expressly agreed to this during the order process. The purpose is to inform you by email about the shipping status. Processing is based on Art. 6 (1) lit. a GDPR with your consent. You can withdraw your consent at any time by notifying us or the shipping company, without affecting the legality of processing carried out based on consent until withdrawal.


Credit Checks

Data Collection and Processing for Credit Checks

If we provide goods or services in advance, e.g., for purchase on account or direct debit, we reserve the right to obtain a credit report based on mathematical-statistical methods. For this purpose, we transmit the personal data required for the credit check and use the received information about the statistical probability of default for a balanced decision on the establishment, execution, or termination of the contractual relationship. The credit report may include probability values (score values) calculated using scientifically recognized mathematical-statistical methods, which may include address data. Your legitimate interests will be considered in accordance with legal requirements. The data processing serves the purpose of credit assessment for initiating a contract. Processing is based on Art. 6 (1) lit. f GDPR due to our overriding legitimate interest in protection against payment defaults when providing goods or services in advance. You have the right to object at any time, for reasons arising from your particular situation, to this processing of personal data concerning you based on Art. 6 (1) lit. f GDPR, by notifying us. Providing the data is necessary for concluding a contract with the payment method you wish. Failure to provide it means the contract cannot be concluded with the payment method you chose.


Cookies

This document informs users about the technologies this application uses to achieve the purposes described below. These technologies allow the owner to access and store information (e.g., using a cookie) or use resources (e.g., by running a script) on a user's device when interacting with this application.

For simplicity, all such technologies are referred to in this document as “trackers” unless a distinction is necessary.

For example, cookies can be used in both web and mobile browsers. However, it would be inaccurate to refer to cookies in the context of mobile apps since they are browser-based trackers. Therefore, this document uses the term “cookies” only when specifically referring to this type of tracker.

Some purposes for which trackers are used may also require the user’s consent. When consent is given, it can be freely withdrawn at any time according to the instructions in this document.

This application uses trackers managed directly by the owner (“first-party trackers”) and trackers that enable services provided by third parties (“third-party trackers”). Unless otherwise specified in this document, third-party providers may have access to the trackers they manage.

The validity and expiration of cookies and similar trackers may vary depending on the lifetime defined by the owner or the respective provider. Some expire when the user's browser session ends. In addition to the information provided in the descriptions below, users can find more detailed and updated information on the lifetime of trackers and other relevant details in the privacy policies of the respective third-party providers or by contacting the owner.


Activities Strictly Necessary for the Operation of This Application and Service Provision

This application uses so-called “technical” cookies and similar trackers to carry out activities strictly necessary for the operation or delivery of the service.

First-Party Trackers

Storage duration:

  • sessionid: 14 days

Third-Party Trackers

Traffic Optimization and Distribution

These services allow this application to distribute its content across servers in different countries and optimize their performance. The processed personal data depends on the characteristics and implementation of these services. Their function is to filter communication between this application and the user's browser. Due to the widespread use of such systems, it is difficult to determine where content containing personal information may be transferred.

Cloudflare (Cloudflare, Inc.)

Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. Cloudflare’s integration means it filters all traffic through this application—that is, communication between this application and the user’s browser—while also enabling the collection of analytics data.

Processed personal data: trackers and various types of data as specified in the service’s privacy policy.

Data processing location: United States – Privacy Policy.


Spam and Bot Protection

These services analyze this application’s traffic, which may contain users’ personal data, to filter out parts of the traffic, messages, and content recognized as spam or to protect the application from malicious bot activities.

Google reCAPTCHA (Google Ireland Limited)

Google reCAPTCHA is a spam protection service provided by Google Ireland Limited. The use of reCAPTCHA is subject to Google's privacy policy and terms of service.

Processed personal data: answers to questions, clicks, keystrokes, motion sensor events, mouse movements, scroll positions, touch events, trackers, and usage data.

Data processing location: Ireland – Privacy Policy.

Storage duration:

  • _GRECAPTCHA: duration of the session

  • rc::a: unlimited

  • rc::b: duration of the session

  • rc::c: duration of the session


Other Activities Using Trackers

Functionality

This application uses trackers to enable basic interactions and functions that allow users to use selected features of the service and facilitate communication between users and the owner.

Interaction with Live Chat Platforms

These services allow users to interact directly with third-party live chat platforms from the pages of this application to contact and be contacted by the support service. When such services are installed, they may collect browser and usage data from the pages they are installed on, even if users do not actively use the service. Additionally, live chat conversations may be recorded.

Pure Chat Widget (Pure Chat, Inc.)

The Pure Chat Widget is a service for interacting with the Pure Chat live chat platform provided by Pure Chat, Inc.

Processed personal data: data transmitted while using the service, trackers, and usage data.

Data processing location: United States – Privacy Policy.


Enhancing the User Experience

Swiper.js

Swiper.js is a versatile tool for creating interactive and dynamic slideshows on your website. It offers features such as touch support, responsive design, navigation controls, various slide types, autoplay options, visual effects, customization possibilities, accessibility, and interactive behavior. It is an excellent way to enhance the user experience on your website.

Data processing location: United States – Privacy Policy.

jQuery

jQuery is an open-source JavaScript library primarily used to simplify HTML document traversal and manipulation, event handling, and more. It is not a service or product that typically has its own privacy policy. Instead, the use of jQuery is governed by the privacy policies and terms of use of the websites or applications that implement it. jQuery is generally privacy-neutral, as it is a client-side library intended to improve the functionality of websites and usually does not collect or process personal user data on its own.

Measurement

This application uses trackers to measure traffic and analyze user behavior in order to improve the service.

Analytics

The services described in this section allow the owner to monitor and analyze web traffic and can be used to track user behavior.

Google Analytics 4 (Google Ireland Limited)

Google Analytics 4 is a web analytics service provided by Google Ireland Limited ("Google"). Google uses the collected data to track and examine the use of this application, to prepare reports on its activities, and to share them with other Google services. Google may use the collected data to contextualize and personalize ads within its own advertising network. In Google Analytics 4, IP addresses are used at the point of collection and then discarded before being logged in a data center or server. Users can find more information in Google’s official documentation.

Personal data processed: Number of users, session statistics, trackers, and usage data.

Place of processing: Ireland – Privacy Policy – Opt-out.

Storage duration:

  • _ga: 2 years

  • _ga_*: 2 years

How to manage preferences and give or withdraw consent

There are various ways to manage preferences related to trackers and to give or withdraw consent, where applicable:

Users can manage tracker-related preferences directly through their device settings, for example by preventing the use or storage of trackers.

Additionally, if the use of trackers is based on consent, users can give or withdraw that consent via the cookie notice or update such preferences using the relevant consent management/privacy preference widget, if available.

It’s also possible to delete previously stored trackers via browser or device functions, including those used to remember the user’s original consent preferences.

Other trackers stored in the browser’s local storage can be deleted by clearing the browser history.

For third-party trackers, users can manage preferences via the relevant opt-out link (if provided), by using the means described in the third-party’s privacy policy, or by contacting the third party directly.

How to find tracker settings

Users can find information on managing cookies in the most common browsers at the following addresses:

Users can also manage certain types of trackers used in mobile apps via device settings, such as advertising preferences for mobile devices or general tracking settings (open device settings and search for the relevant option).

Effects of refusing the use of trackers

Users are free to decide whether to allow the use of trackers. However, trackers help this application provide a better user experience and advanced features (in line with the purposes stated in this document). If the user chooses to block trackers, the owner may not be able to provide the relevant functions.

Owner and data controller

SanaBio GmbH, Germany, Lange Goehren 4 b, D-39171 Suelzetal OT Osterweddingen
Owner’s contact email: [email protected]

Since the use of third-party trackers by this application cannot be fully controlled by the owner, any references to third-party trackers should be considered indicative. To obtain complete information, users are advised to consult the privacy policies of the respective third-party services listed in this document.

Given the objective complexity of tracking technologies, users are encouraged to contact the owner if they wish to receive further information about the use of such technologies by this application.


Definitions and legal references

  • Personal data (or data): Any information that directly, indirectly, or in combination with other information — including a personal identification number — allows the identification or identifiability of a natural person.

  • Usage data: Information collected automatically by this application (or third-party services used in this application), including: IP addresses or domain names of computers used by users of this application, URI addresses (Uniform Resource Identifier), time of request, method used to submit the request to the server, size of the file received in response, numerical code indicating the server’s response status (success, error, etc.), country of origin, browser and operating system characteristics, time spent per visit (e.g., time spent on each page within the application), details of the path followed within the application with special reference to the sequence of pages visited, and other parameters about the user’s device operating system and/or IT environment.

  • User: The individual using this application, who, unless otherwise specified, corresponds to the data subject.

  • Data subject: The natural person to whom the personal data refers.

  • Data processor (or processor): The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller, as described in this privacy policy.

  • Data controller (or owner): The natural or legal person, public authority, agency, or other body that determines, alone or jointly with others, the purposes and means of the processing of personal data, including the security measures regarding the operation and use of this application. Unless otherwise specified, the data controller is the owner of this application.

  • This application: The means by which the user’s personal data is collected and processed.

  • Service: The service provided by this application as described in the relevant terms (if available) and on this website/application.

  • European Union (or EU): Unless otherwise specified, references in this document to the European Union include all current EU member states and the European Economic Area.

  • Cookie: Cookies are trackers consisting of small data sets stored in the user’s browser.

  • Tracker: Tracker refers to any technology — e.g., cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting — that enables the tracking of users, for example by accessing or storing information on the user’s device.

Legal information

This privacy statement exclusively covers this application, unless otherwise stated.


Analytics & Advertising

The following data processing operations, especially the setting of cookies, are carried out on the basis of Article 6(1)(f) GDPR, stemming from our overriding legitimate interest in:

  • designing the website according to needs and targeting, e.g., using analytics and statistics tools,

  • specifically addressing site visitors with interest-based advertising, e.g., through conversion tracking.

You have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data based on Article 6(1)(f) GDPR.


Use of Google Analytics

We use the web analytics service Google Analytics from Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google").

The data processing serves the purpose of analyzing this website and its visitors. Google, on behalf of the operator of this website, will use the information obtained to evaluate your use of the website, compile reports on website activity, and provide other services relating to website and internet use to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google Analytics uses cookies to enable analysis of your website usage. The information generated by the cookies about your use of this website is generally transmitted to and stored on a Google server in the USA. IP anonymization is activated on this website, meaning your IP address will be shortened by Google within EU member states or in other contracting states to the Agreement on the European Economic Area before transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

Google is certified under the EU-US Privacy Shield and is therefore committed to complying with European data protection regulations.

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=en.

To prevent data collection and storage by Google Analytics across devices, you can set an opt-out cookie. Opt-out cookies prevent your data from being collected on future visits to this website. You must perform the opt-out on every device and browser you use. If you delete your cookies, you will need to set the opt-out cookie again. Click here to set the opt-out cookie: Deactivate Google Analytics.

Further information on terms of use and data protection can be found at Google Analytics Terms of Service and in the Google Privacy Policy.

Use of Google Inc.’s Remarketing or “Similar Audiences” Function

We use the Remarketing or “Similar Audiences” function of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”) on our website. This application serves the purpose of analyzing visitor behavior and interests.

To carry out the analysis of website usage, which forms the basis for creating interest-based advertisements, Google uses cookies. These cookies record visits to the website as well as anonymized data about the use of the website. No personal data of website visitors is stored. If you subsequently visit another website in the Google Display Network, you may be shown ads that are likely to take into account the product and information areas you previously viewed.

Your data may be transferred to the USA. Google is certified under the US-EU Privacy Shield agreement and has committed to complying with European data protection regulations. You can permanently deactivate Google’s use of cookies by following the link below and downloading and installing the plugin provided there:
https://support.google.com/ads/answer/7395996?hl=de

Alternatively, you can prevent the use of cookies by third parties by visiting the Network Advertising Initiative’s opt-out page at https://www.networkadvertising.org/choices/ and following the opt-out instructions provided there.

Further information about Google Remarketing and the corresponding privacy policy can be found at: https://www.google.com/privacy/ads/


Use of Google Ads Conversion Tracking

We use the online advertising program “Google Ads” on our website, and within this framework, we use conversion tracking (tracking of visitor actions). Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

When you click on an ad placed by Google, a cookie for conversion tracking is stored on your device. These cookies have a limited validity period, do not contain any personal data, and therefore cannot be used to personally identify you. If you visit certain pages of our website before the cookie has expired, Google and we can recognize that you clicked on the ad and were redirected to our site. Each Google Ads customer receives a different cookie, so cookies cannot be tracked across the websites of different Ads customers.

The information collected with the help of the conversion cookie serves the purpose of creating conversion statistics. This allows us to find out the total number of users who clicked on one of our ads and were redirected to a page with a conversion tracking tag. However, we do not receive any information that would personally identify users.

Your data may be transferred to the USA. Google is certified under the US-EU Privacy Shield agreement and has committed to complying with European data protection regulations.

You can deactivate personalized advertising in your Google advertising settings. Instructions can be found at:
https://support.google.com/ads/answer/2662922?hl=de

Alternatively, you can prevent the use of cookies by third parties by visiting the Network Advertising Initiative’s opt-out page at https://www.networkadvertising.org/choices/ and following the opt-out instructions provided there.

If you opt out, you will not be included in the conversion tracking statistics.

Further information and Google’s privacy policy can be found at: https://www.google.de/policies/privacy/


Use of Facebook Remarketing

We use the “Custom Audiences” remarketing function of Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA; “Facebook”) on our website.

This application serves the purpose of targeting visitors of our website with interest-based advertising on the Facebook social network. For this, the Facebook remarketing tag has been implemented on our website. When you visit our website, a direct connection is established to Facebook servers through this tag. It informs the Facebook server which of our pages you have visited. Facebook then assigns this information to your personal Facebook user account. When you visit Facebook, you will then see personalized, interest-based Facebook ads.

Your data may be transferred to the USA. Facebook is certified under the US-EU Privacy Shield agreement and has committed to complying with European data protection regulations.

You can deactivate the “Custom Audiences” remarketing function here.

Further information about the collection and use of data by Facebook, your rights in this regard, and options to protect your privacy can be found in Facebook’s privacy policy at: https://www.facebook.com/about/privacy/


Rights of Data Subjects and Retention Period

Retention Period

After complete contract processing, the data will first be stored for the duration of the warranty period, then in accordance with statutory retention periods, especially tax and commercial law obligations. After these periods have expired, the data will be deleted unless you have consented to further processing or use.

Rights of Data Subjects

Under the legal requirements, you have the following rights under Articles 15 to 20 of the GDPR: the right of access, rectification, erasure, restriction of processing, and data portability. Additionally, you have the right to object to processing based on Article 6(1)(f) GDPR, as well as to processing for direct marketing purposes, under Article 21(1) GDPR.

Please contact us if you wish to exercise your rights. Our contact details can be found in our legal notice (impressum).

Right to Lodge a Complaint with a Supervisory Authority

According to Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is unlawful.

Right to Object

If the processing of personal data described here is based on our legitimate interests according to Article 6(1)(f) GDPR, you have the right to object to this processing at any time with future effect, based on reasons arising from your particular situation.

After an objection, we will stop processing the affected data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights, and freedoms, or if the processing serves the establishment, exercise, or defense of legal claims.