Privacy policy

We appreciate your interest in our webshop. Protecting your privacy is very important to us. Below, we provide detailed information about how we handle your data.

1. Access Data and Hosting

You can visit our webshop without providing any personal information. Each time you access a website, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access.

This access data is evaluated exclusively for the purpose of ensuring the smooth operation of the website and improving our offering. Pursuant to Art. 6 (1) (f) GDPR, this serves to safeguard our legitimate interests in the correct presentation of our offering, which prevail within the framework of a balancing of interests. All access data will be deleted no later than seven days after your visit to the site.

Hosting Services Provided by a Third-Party Provider

Our website is hosted by Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes the personal data transmitted via the website, e.g., content, usage, meta/communication data, or contact data, in the EU. Further information can be found in the provider's privacy policy at https://www.shopify.de/legal/datenschutz.
It is our legitimate interest to provide a website, so the legal basis for the described data processing is Art. 6 (1) (f) GDPR.
We use the content delivery network Shopify for our website. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes the personal data transmitted via the website, e.g., content, usage, meta/communication data, or contact data, in the EU. Further information can be found in the provider's privacy policy at https://www.shopify.de/legal/datenschutz.
We have a legitimate interest in using sufficient storage and delivery capacities to ensure optimal data throughput even during peak loads. The legal basis for the data processing described is therefore Art. 6 (1) (f) GDPR.

2. Data collection and use for contract processing

We collect personal data when you voluntarily provide it to us when contacting us (e.g., via contact form or email). Mandatory fields are marked as such, as in these cases we absolutely need the data to process your contact, and without it you cannot send the contact. The data collected can be seen in the respective input forms. We use the data you provide in accordance with Art. 6 (1) (b) GDPR to process your inquiries. Your data will be deleted after your customer inquiry has been fully processed.

3. Data Transfer

In order to answer your inquiry, we may share your data with our suppliers.

4. Cookies, Web Analytics, and Integration of Third-Party Services

In order to make visiting our website more attractive and enable the use of certain functions, to display suitable products, or for market research, we use so-called cookies on various pages. This serves to protect our legitimate interests in an optimized presentation of our offering, which prevail within the context of a balancing of interests, in accordance with Art. 6 (1) (f) GDPR.

Cookies are small text files that are automatically stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies). You can find out the storage duration from the overview in your web browser's cookie settings.

You can set your browser to inform you about the use of cookies and decide individually whether to accept them, or to exclude them in certain cases or generally. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these for the respective browsers at the following links:

Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Safari™: https://support.apple.com/de-at/HT201265
Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&h

lrm=en&answer=95647
Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Opera™: http://help.opera.com/Windows/10.20/de/cookies.html

If you do not accept cookies, the functionality of our website may be limited.

Google Analytics and Google Adwords

This website uses Google Analytics 4, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Google Analytics uses so-called cookies.

On behalf of the website operator, Google will use the information generated by the cookies to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, we would like to point out that this website uses Google Analytics with the "anonymizeIP" extension and therefore IP addresses are only processed in a shortened form to prevent direct personal reference. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

The data we send and linked to cookies, user IDs (e.g., user ID), or advertising IDs is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

We also use the online advertising program "Google AdWords" and, as part of Google AdWords, Google Conversion Tracking. When you click on an ad served by Google, a conversion tracking cookie is stored on your computer. These cookies expire after 30 days, do not contain any personal data, and are therefore not used for personal identification.

If you visit certain pages of our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to that page. Each Google AdWords customer receives a different cookie. This means that cookies cannot be tracked across AdWords customers' websites. The information collected using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. Customers only learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in tracking, you can object to this use by preventing the installation of cookies through the appropriate settings in your browser software (deactivation option).

You can also generally prevent the storage of cookies by setting your browser software accordingly; however, we repeatedly point out that in this case, you may not be able to use all the functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/de.html, https://policies.google.com or http://www.google.com/policies/technologies/ads/, http://www.google.de/policies/privacy/.

By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.

Facebook Pixel, Remarketing, and Retargeting

With your consent, our website uses the Conversion Tracking Pixel service from Facebook, Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA ("Facebook"). This allows us to track users' actions after they have been redirected to a provider's website by clicking on a Facebook ad. This enables us to record the effectiveness of Facebook ads for statistical and market research purposes.

The data collected remains anonymous.

This means that we cannot access the personal data of individual users. However, the data collected is stored and processed by Facebook. We will inform you about this matter based on our current information. Facebook may link the data to the data in your Facebook account and use the data for its own advertising purposes, in accordance with the Facebook Data Policy https://www.facebook.com/about/privacy/. Facebook Conversion Tracking also allows Facebook and its partners to show you ads on and off Facebook. In addition, a cookie is stored on your computer for these purposes.

Only users over the age of 16 may give their consent. If you are under the age of 16, please contact your legal guardian.

Please click here to withdraw your consent or edit your privacy settings on Facebook: https://www.facebook.com/ads/website_custom_audiences/.

Our website also integrates remarketing tags from the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA. When you visit our pages, a direct connection is established between your browser and the Facebook server via the remarketing tags. Facebook thus receives the information that you have visited our page using your IP address. This allows Facebook to associate your visit to our pages with your user account. We can use the information obtained in this way to display Facebook ads. Please note that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy/.

Please click here to withdraw your consent or edit your privacy settings on Facebook: https://www.facebook.com/ads/website_custom_audiences/.

Google reCAPTCHA

We use Google reCAPTCHA on our website to monitor and prevent interactions on our website through automated access, e.g., by so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google." This service allows Google to determine the website from which a request is sent and the IP address from which you use the reCAPTCHA input box. In addition to your IP address, Google may also collect other information necessary to provide and guarantee this service. The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the security of our website and in preventing unwanted, automated access in the form of spam or similar.

Google offers further information on the general handling of your user data at

https://policies.google.com/privacy.

Google Fonts
We use Google Fonts on our website to display external fonts. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as "Google."

To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when you visit our website.

The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the optimization and economic operation of our website.

The connection to Google established when you visit our website allows Google to determine which website sent your request and to which IP address the font display should be transmitted.

Google offers further information at

https://adssettings.google.com/authenticated

https://policies.google.com/privacy

in particular on the options for preventing data usage.

Consent Management with Usercentrics

We use the Usercentrics Consent Management platform on our website. Usercentrics is a consent management service provided by Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. Usercentrics Consent Management enables us to obtain your consent to store certain cookies and to comply with data protection-compliant consent management.

When you visit our website, the following data is collected and transmitted to Usercentrics through the use of the service:

Opt-in and opt-out data (consent and revocation of consent)
Information about your browser
Information about your device
Your geographic location
Date and time of your visit
The page path of the website
Request URLs of the website

Legal basis

Legal basis for the processing of your personal data

The legal basis for this data processing is Art. 6 (1) (s) 1 (c) GDPR.

Retention period

The consent data (consent and revocation of consent) will be stored for three years. The data will then be deleted immediately or, upon request, forwarded to the responsible person in the form of a data export.

You can access the privacy policy of the data recipient, Usercentrics GmbH, here:

https://usercentrics.com/de/datenschutzerklaerung/

Newsletter

We reserve the right to inform customers who have already used our services or purchased goods from us from time to time by email or other electronic means about our offers, unless they have objected. The legal basis for this data processing is Art. 6 (1) (s) 1 (f) GDPR. Our legitimate interest lies in direct marketing (Recital 47 GDPR). Customers can object to the use of their email address for advertising purposes at any time at no additional cost, for example, via the link at the end of each email or by emailing us at the email address listed below.

Interested parties have the option of subscribing to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Registration takes place by selecting the corresponding box on our website, by checking the corresponding box in a paper document, or by another unambiguous action, whereby interested parties declare their consent to the processing of their data. The legal basis is Art. 6 (1) (a) GDPR. Consent can be revoked at any time, e.g., by clicking the corresponding link in the newsletter or by sending a message to the email address provided above. The processing of data up to the point of revocation remains lawful, even in the event of revocation.

Based on the recipients' consent (Art. 6 (1) (a) GDPR), we also measure the opening and click rates of our newsletters to understand which content is relevant to our recipients.

We send newsletters using Shopify Email, Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (privacy policy: https://www.shopify.com/de/legal/datenschutz). The provider processes content, usage, meta/communication data, and contact data in Canada and the USA.

Trusted Shops

We use Trusted Shops as a seal of quality. The provider is Trusted Shops GmbH, Colonius Carré, Subbelrather Straße 15c, 50823 Cologne, Germany. The provider processes usage data (e.g., websites visited, interest in content, access times) in the EU.

The legal basis for processing is Art. 6 (1) (a) GDPR. Processing is based on consent. Data subjects can revoke their consent at any time, e.g., by contacting us using the contact details provided in our privacy policy. Revocation does not affect the legality of the processing until the revocation.

The data will be deleted when the purpose for which it was collected no longer applies and there is no obligation to retain it. Further information can be found in the provider's privacy policy at https://www.trustedshops.de/impressum/#datenschutz.

Contact form

When you contact us via the contact form on our website, we save the data requested there and the content of the message.

The legal basis for processing is our legitimate interest in answering inquiries addressed to us. The legal basis for processing is therefore Art. 6 (1) (f) GDPR.

We delete the data collected in this context once storage is no longer required or restrict processing if statutory retention periods apply.

Customer Account

Visitors to the website can open a customer account on our website. We process the data requested in this context based on the visitor's consent. The legal basis for this processing is therefore Art. 6 (1) (a) GDPR.

Consent can be revoked at any time, e.g., via the contact details provided in our privacy policy. Revocation does not affect the legality of the processing up to the time of revocation. If consent is revoked, we will delete the data unless we are obligated or authorized to continue storing it.

Offering Goods

We offer goods via our website. When placing an order, we process the following data:

Name,

Address,

Telephone number (optional),

Email address,

Packstation,

Payment details (bank details, credit card, etc.).

The data is processed to fulfill the contract concluded with the respective visitor (Art. 6 (1) (b) GDPR).

We will pass on this data to DHL if necessary for the purpose of processing the order.

The legal basis for processing is Art. 6 (1) (b) GDPR, as it is necessary for the fulfillment of the contract.

Payment service providers

To process payments, we use payment processors who are themselves responsible for data protection within the meaning of Art. 4 (7) GDPR. To the extent that they receive data and payment details entered by us during the ordering process, we thereby fulfill the contract concluded with our customers (Art. 6 (1) (b) GDPR).

These payment service providers are:

• American Express Europe S.A.

• Apple Inc., USA (for Apple Pay)

• Google Ireland Limited, Ireland (for Google Pay)

• Klarna Bank AB (publ), Sweden ("Klarna on account")

• Klarna Bank AB (publ), Sweden ("Klarna Sofort")

• Mastercard Europe SA, Belgium

• PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg

• Shopify Inc., Canada (for Shop Pay)

• Visa Europe Services Inc., United Kingdom

5. Our Social Media Presences

This privacy policy applies to the following social media presences:

https://www.facebook.com/femidoc1/

https://www.instagram.com/femidoc.ig/

https://www.youtube.com/@doc_phytolabor

Data processing by social networks

We maintain publicly accessible profiles on social networks. The social networks we use can be found below.

Social networks such as Facebook, X, etc. can generally comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles that contain your preferences and interests. This way, interest-based advertising can be displayed to you both within and outside of the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policies of the respective social media portals.

Legal basis

Our social media presence is intended to ensure the most comprehensive online presence possible. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Controller and Assertion of Rights

If you visit one of our social media presences (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations initiated during this visit. You can generally exercise your rights (right to information, rectification, erasure, restriction of processing, data portability, and complaints) both with us and with third parties. the operator of the respective social media portal (e.g., Facebook).

Please note that, despite our joint responsibility with the social media portal operators, we do not have full influence over the data processing procedures of the social media portals. Our options depend largely on the company policies of the respective provider.

Storage Period

The data we collect directly via the social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data stored by the operators of the social networks for their own purposes. For details, please refer to Please contact the operators of the social networks directly (e.g., in their privacy policy, see below).

Your rights

You have the right to obtain information about the origin, recipient, and purpose of your stored personal data at any time and free of charge. You also have the right to object, to data portability, and to lodge a complaint with the competent supervisory authority. Furthermore, you can request the correction, blocking, deletion, and, under certain circumstances, the restriction of the processing of your personal data.

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter Meta). According to Meta, the collected data is also transferred to the USA and other third countries.

We have concluded a joint processing agreement (Controller Addendum) with Meta. This agreement specifies which data processing operations we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

Details can be found in Facebook's privacy policy: https://www.facebook.com/about/privacy/.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The Data Privacy Framework (DPF) is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF is committed to complying with these data protection standards. Further information can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant#detail?contact=true&id=a2zt0000000GnywAAC&status=Active

Instagram

We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Data transfer to the USA is based on the EU Commission's standard contractual clauses. Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum,

https://privacycenter.instagram.com/policy/ and

https://de-de.facebook.com/help/566994660333381.

Details on how Instagram handles your personal data can be found in its privacy policy:

https://privacycenter.instagram.com/policy/.

The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards when processing data in the United States. Every company certified under the DPF is committed to adhering to these data protection standards. Further information about this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant#detail?contact=true&id=a2zt0000000GnywAAC&status=Active

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in YouTube's privacy policy:

https://policies.google.com/privacy?hl=de.

The company is certified according to the "EU-US Data Privacy Framework" (DPF). The DPF is an agreement between the European Union and the USA designed to ensure compliance with European data protection standards for data processing in the USA. Every company certified according to the DPF is committed to complying with these data protection standards. Further information on this can be obtained from the provider at the following link:

https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

6. Contact options and your rights

As a data subject, you have the following rights:

• According to Art. 15 GDPR, the right to request information about your personal data processed by us, to the extent specified therein;
• According to Art. 16 GDPR, the right to immediately request the rectification of inaccurate or incomplete personal data stored by us;
• According to Art. 17 GDPR, the right to request the erasure of your personal data stored by us, unless further processing is required.
• to exercise the right to freedom of expression and information;

- to fulfill a legal obligation;

- for reasons of public interest or

- to assert, exercise, or defend legal claims

is necessary;

• pursuant to Art. 18 GDPR, the right to request the restriction of the processing of your personal data, provided that

- you contest the accuracy of the data;

- the processing is unlawful, but you refuse to delete it;

- we no longer need the data, but you need it to assert, exercise, or defend legal claims, or

- you have objected to the processing pursuant to Art. 21 GDPR;

• pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, common, and machine-readable format or to request that it be transmitted to another controller;
• pursuant to Art. 77 GDPR, the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or work, or our company headquarters.

If you have any questions about the collection, processing, or use of your personal data, or if you wish to request information, correction, blocking, or deletion of data, as well as the revocation of any consent granted or objection to a specific use of data, please contact:

guterrat Gesundheitsprodukte GmbH&Co. KG

Eduard-Bodem-Gasse 6

A - 6020 Innsbruck

+43 512 296002

datenschutz@guterrat.net

-----------------------------------------------------------------------

Right of Objection

If we process personal data as explained above to protect our legitimate interests, which prevail within the framework of a balancing of interests, you can object to this processing with effect for the future. If the processing is carried out for direct marketing purposes, you can exercise this right at any time as described above. If processing is carried out for other purposes, you only have the right to object if there are reasons related to your particular situation.

After exercising your right of objection, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

This does not apply if the processing is carried out for direct marketing purposes. In this case, we will no longer process your personal data for this purpose.