Privacy Policy
**Privacy Policy**
We are pleased that you are visiting our website and thank you for your interest in our services. The protection of personal data is a matter of great importance to us. In principle, it is possible to use the Varma Ayurveada website without providing any personal data. However, if a data subject wishes to use special services offered by our company via our website, the processing of personal data (such as name, address, email address, or telephone number) may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we generally obtain consent from the data subject.
The processing of personal data always complies with the General Data Protection Regulation (GDPR) and the applicable country-specific data protection regulations. Through this privacy policy, our company aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this policy clarifies the rights of data subjects.
As the data controller, Varma Ayurveada has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. However, internet-based data transmissions may inherently have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone.
### **1. Definitions**
The privacy policy of Varma Ayurveada is based on the terminology used by the European legislator in the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this privacy policy, we use the following terms, among others:
**a.) Personal Data**
Personal data refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
**b.) Data Subject**
A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
**c.) Processing**
Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, restriction, erasure, or destruction.
**d.) Restriction of Processing**
Restriction of processing means the marking of stored personal data to limit their future processing.
**e.) Profiling**
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
**f.) Pseudonymization**
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
**g.) Controller or Data Controller**
The controller or data controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
**h.) Processor**
A processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
**i.) Recipient**
A recipient is a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
**j.) Third Party**
A third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
**k.) Consent**
Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
### **2. Name and Address of the Data Controller**
The data controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union, and other provisions related to data protection is:
Varma Ayurveada
Münsterbergstraße 23
79206 Breisach am Rhein
Germany
Phone: +49 7667 8380
Email: info@varmaayurveada.de
Website: www.varmaayurveada.de
### **3. Cookies**
To make our website user-friendly and optimally tailored to your needs, we use cookies. Cookies are small text files that are sent from a web server to your browser when you visit a website and stored locally on your device (PC, laptop, tablet, smartphone, etc.).
Many websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that allows websites and servers to be assigned to the specific browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other browsers that contain other cookies. A specific browser can be recognized and identified via the unique cookie ID.
This information is used to recognize you automatically when you revisit the website with the same device and to facilitate navigation.
You can consent to or reject cookies—including for web tracking—via your browser settings. You can configure your browser to refuse cookies in principle or to notify you before a cookie is stored. However, this may impair the functionality of the website (e.g., for orders). Your browser also offers the option to delete cookies (e.g., via “Clear browsing data”). This is possible in all common browsers. Further information can be found in the browser’s manual or settings.
### **4. Collection of General Data and Information**
The provider (or its web hosting provider) collects data about every access to the website (so-called server log files). Access data includes: the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
The provider uses the log data only for statistical analysis for the purpose of operation, security, and optimization of the website. However, the provider reserves the right to review the log data retrospectively if there is reasonable suspicion of unlawful use based on concrete evidence.
### **5. Subscription to Our Newsletter**
If you wish to subscribe to the newsletter offered on the website, we require your email address and information that allows us to verify that you are the owner of the provided email address and agree to receive the newsletter.
To ensure consent-based newsletter delivery, we use the double opt-in procedure. In this process, the potential recipient is added to a mailing list. Subsequently, the user receives a confirmation email with the option to legally confirm the registration. Only after confirmation is the address actively added to the mailing list.
We use this data exclusively for sending the requested information and offers.
We use the newsletter software **Brevo**. Your data is transmitted to the Sendinblue GmbH. Sendinblue is prohibited from selling your data or using it for purposes other than sending newsletters. Sendinblue is a certified German provider selected in accordance with the requirements of the GDPR and the German Federal Data Protection Act.
Further information can be found here: https://www.newsletter2go.de/informationen-newsletter-empfaenger/
You can revoke your consent to the storage of your data, email address, and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter.
Data protection measures are subject to constant technological updates. For this reason, we ask you to inform yourself about our data protection measures at regular intervals by reviewing our privacy policy.
Brevo is a service provided by Sendinblue, Köpenicker Straße 126, 10179 Berlin. Further information on data protection at Brevo can be found at: https://www.brevo.com/de/legal/privacypolicy/
### **6. Newsletter Tracking**
The newsletters from Varma Ayurveada contain so-called tracking pixels. A tracking pixel is a miniature graphic embedded in emails sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, Varma Ayurveada can recognize whether and when an email was opened by a data subject and which links in the email were clicked.
The personal data collected via the tracking pixels in the newsletters are stored and evaluated by the data controller to optimize newsletter delivery and better tailor the content of future newsletters to the interests of the data subject.
### **7. Contact Options via the Website/Contact Form and Email**
The Varma Ayurveada website contains information that enables quick electronic contact with us, including a general email address. Contact options in the form of contact forms include forms for general inquiries, booking and reservation requests, and forms for ordering brochures.
If a data subject contacts the data controller via email or a contact form, the personal data transmitted by the data subject is automatically stored. Such voluntarily provided personal data is stored for the purpose of processing or contacting the data subject.
When a user uses this contact option, the data entered in the input mask is transmitted to us and stored. This data includes: first name, last name, telephone number, and/or email address. At the time of sending the message, the following data is also stored: the user’s IP address, date, and time of registration. For the processing of the data, your consent is obtained during the submission process, and reference is made to this privacy policy.
Alternatively, contact can be made via the provided email address. In this case, the personal data transmitted with the email is stored. This personal data is not shared with third parties.
### **8. Routine Erasure and Blocking of Personal Data**
The data controller processes and stores personal data only for the period necessary to achieve the storage purpose or as required by European or national legislation.
If the storage purpose no longer applies or a legally prescribed retention period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.
### **9. Rights of the Data Subject**
**a.) Right to Confirmation**
Every data subject has the right to obtain confirmation from the data controller as to whether personal data concerning them is being processed.
**b.) Right to Access**
Every data subject has the right to obtain free information about their stored personal data and a copy of this information.
**c.) Right to Rectification**
Every data subject has the right to request the immediate correction of inaccurate personal data concerning them.
**d.) Right to Erasure (Right to Be Forgotten)**
Every data subject has the right to request the immediate deletion of their personal data under certain conditions.
**e.) Right to Restriction of Processing**
Every data subject has the right to request the restriction of processing under certain conditions.
**f.) Right to Data Portability**
Every data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
**g.) Right to Object**
Every data subject has the right to object to the processing of their personal data under certain conditions.
**h.) Automated Decision-Making, Including Profiling**
Every data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
**i.) Right to Withdraw Consent**
Every data subject has the right to withdraw their consent to the processing of personal data at any time.
### **10. Data Protection in Applications and the Application Process**
The data controller collects and processes personal data from applicants for the purpose of processing the application. Processing may also occur electronically. If the data controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded, the application documents will be automatically deleted two months after notification of the rejection decision, unless deletion conflicts with other legitimate interests of the data controller.
### **11. Data Protection Provisions for the Use of Google Maps**
This website uses Google Maps to display geographical information. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using Google Maps, Google collects, processes, and uses data about the use of map functions by visitors.
### **12. Data Protection Provisions for the Use of Facebook**
This website integrates components of Facebook, a social network operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.
### **13. Data Protection Provisions for the Use of Google AdWords**
This website uses Google AdWords, an online advertising service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
### **14. Links to Other Websites**
This website contains links to other websites (“external links”). Varma Ayurveada is responsible for its own content in accordance with applicable European and national laws. We have no influence over whether the operators of other websites comply with applicable laws. Please refer to the privacy policies of the respective websites.
### **15. Legal Basis for Processing**
Processing is based on:
– Consent (Art. 6(1)(a) GDPR),
– Contract performance (Art. 6(1)(b) GDPR),
– Legal obligations (Art. 6(1)(c) GDPR),
– Vital interests (Art. 6(1)(d) GDPR), or
– Legitimate interests (Art. 6(1)(f) GDPR).
### **16. SSL Encryption**
This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as inquiries sent via the contact form.
### **17. Google reCAPTCHA**
To ensure sufficient data security when submitting forms, we use the reCAPTCHA service from Google Inc. in certain cases.
### **18. Duration of Storage of Personal Data**
Personal data is stored only for as long as necessary or as required by law.
### **19. Changes to the Privacy Policy**
We reserve the right to update this privacy policy as necessary to comply with legal requirements or to reflect changes in our services.
**Effective: May 2025**