Privacy Policy

1. INTRODUCTION

We are committed to protecting your privacy and processing your personal data in a transparent, secure and lawful manner.

Barebells Functional Foods Deutschland GmbH, registration number 153423 B (“Company”, “we”, “us” or “our”) will process your personal data when you visit and use the services provided on www.barebells.de (the “Website”) or otherwise interact with us as described herein. Below you will find information about what type of personal data we process, why we do so, what we use it for, how we may share it, and what rights you have as a data subject. The Company is the controller responsible for processing your personal data unless otherwise stated in this Privacy Policy.

We will only use your personal data for the purposes, legal bases and retention periods listed below.

2. WHAT IS PERSONAL DATA?

Personal data is data relating to an identified or identifiable natural person (“data subject”), i.e., all types of data that can be attributed to an individual. Examples include names, email addresses, or telephone numbers if they can be attributed to a specific living individual, but also, for example, photographs in which the person can be recognized.

3. WHAT DOES “PROCESSING” OF PERSONAL DATA MEAN?

The term "processing" covers all types of operations carried out with personal data. The definition is very broad and encompasses all handling of data, from collection, recording, storage, and adaptation to use, dissemination, and even erasure of personal data.

4. WHICH PERSONAL DATA DO WE PROCESS, FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS?

We process personal data in order to fulfill or conclude an agreement with you (Art. 6 para. 1 lit. b GDPR):

  • When you purchase products or services from us, we process your personal data to fulfill our contractual obligations to you. This personal data includes your identity (first and last name), delivery/billing address, telephone number, email address, order information, payment details, payment history, credit card information, and payment reference number.

  • If you request support from us through our support channels based on an agreement with you, we will process your personal data to assist you with the matter (namely your name, email address and other contact details, your order details, purchase amount, purchase history, invoice, payment method, our correspondence with you, technical data on the devices and operating system used). At your request, we may also process personal data such as bank details, place of work, telephone number, health data (such as allergy reactions or other health information you provide), provided you give your explicit consent for such processing, images you attach, or your social status if you mention it during our conversation.

  • By accepting the terms and conditions of participation in an event organized by us, you have provided us with personal data such as contact details (e.g., name, email address, postal address, and telephone number) and, if applicable, health information (e.g., injuries or allergies). We require this data to organize and conduct the event safely. If you provide us with health information, we will also request your explicit consent for such processing. Since we take photos and videos during our events for future marketing purposes, we may, as agreed in the terms and conditions, also collect, edit, and distribute photos and videos in which you are visible and identifiable on social media.

  • By accepting the terms and conditions of a sweepstakes, prize draw, or other competition organized by us, you have provided us with personal data such as your name, delivery address, telephone number, email address, social media username(s), age, and possibly a submission (e.g., a photo or video) in which you can be identified. We use this data to conduct the promotion (e.g., for identification and age verification, or to select a winner and distribute the corresponding prize or service) and, in some cases, as a basis for future promotions. If the prize is a trip, we may also process data such as nationality and health information (e.g., allergies) that we need for security reasons.

  • When you enter into an agreement with us regarding event sponsorship, product manufacturing, or other professional collaboration, you provide us with personal data such as your contact information (e.g., name, address, telephone number, position, and employer). We use this data to fulfill our agreement with you.

  • When you register for our customer club, you provide us with personal data such as your username and email address. A password is not required. Instead, each time you log in to the customer club, a link will be sent to the email address you provided. You must click this link to access the customer club. We need this information to set up and manage your club account, identify authorized users, and provide you with the desired features within the customer club.

The legal basis for our processing of this personal data is that the processing is necessary to fulfill or conclude an agreement with you.

We process personal data on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR).

  • If you have registered for an event or trip we organize, you have provided us with information such as your contact details (e.g., name, address, telephone number, and email address). Since it is the nature of such events to take photos and videos for visibility and marketing purposes, we may also process such material in which you can be identified.

  • If you, as a registered user of our customer club, voluntarily enter personal data such as your date of birth, your name, your country, your city, your language, a profile picture or your Instagram handle in your profile, we will display this information in your profile.

  • If you have contacted us with questions or complaints about our products (not based on an agreement with you), you may have provided us with personal information such as your name, address, email address, and telephone number. We use this information to answer your questions, investigate product problems, track or report health risks, compensate you, and prevent fraudulent activity, such as unfounded complaints and compensation claims.

  • If you choose to contact us via one of our general email addresses regarding suggestions for new flavors, products or campaigns, either at our general invitation or on your own initiative, you will be providing us with personal data which we will use to respond to and evaluate the content of your email.

  • If it is necessary to protect our rights, as we have a legitimate interest in asserting, exercising and defending legal claims.

  • If we sell or otherwise dispose of all or part of our business and/or assets.

We process this personal data based on our assessment that it is necessary for the purposes of our legitimate interest in promoting our products and brands, remaining competitive as a company, and conducting our business. We believe that in this case, our legitimate interest is not overridden by your interests or fundamental rights and freedoms that require the protection of personal data, since you have provided us with your personal data yourself or even at your initiative, and we are processing the data for purposes that should meet your expectations.

If we have entered into an agreement regarding any of the above-mentioned activities, our processing of the associated personal data will instead be based on the performance of that agreement.

Legal requirements, public interest and consent (Art. 6 para. 1 lit. c, e, a GDPR).

We may need to process your personal data to comply with legal requirements (e.g., record-keeping obligations) and at the direction of courts or authorities (e.g., for tax purposes). We may also be legally obligated or compelled by public interest to process personal data related to product-related issues in order to track and monitor potential health risks.

Furthermore, we may process your personal data based on your consent. In this case, we will obtain your consent in advance for a specific purpose and ensure that it is given freely, specifically, in an informed manner, and unambiguously. You have the right to withdraw your consent at any time and can change your privacy settings here or contact our Data Protection Officer (“DPO”) using the contact details provided below. Please note that a withdrawal of consent does not apply retroactively to processing operations already carried out.

  • When you register for messages, invitations, and offers (direct marketing), we process your personal data (such as your name, phone number, address, and email address) to provide the services you have subscribed to. We use this information to send you relevant messages and communications, for example, via email. You can unsubscribe from receiving future messages and communications from us in any communication we send you. Our direct marketing may be based on profiling, which means we can tailor the information we provide to you based on certain characteristics. We use the following types of personal data to create a profile: your gender, location, previous purchases, behavior on our website, your previous behavior in receiving our direct marketing communications, and/or data you have voluntarily provided as a registered user of our customer club, such as date of birth, city, language, profile picture, and Instagram handle (if we have collected such data). This may also mean that we send you email reminders about products you have left in your shopping cart, provided you have accepted the necessary cookies. Categories of personal data include all data collected in connection with a purchase (see above), email address, location (based on the company website you use to sign up for our marketing communications), any communication sent to you, your order history, the emails you have clicked on, and your interactions with our website, including clicking on links in emails sent to you.

  • Optional birthday information. If you are a subscriber to our direct marketing communications and choose to provide your date of birth, we will use this information solely to send you special birthday-related offers and promotions. Providing your date of birth is voluntary and will not affect your subscription.

  • Customer Reviews. If you have made a purchase and are an active subscriber to our direct marketing, we may contact you to ask you to rate or review your experience with our products or services. Participation is entirely voluntary, and we process this data to improve our products and the customer experience. By choosing to submit a review, you agree that your name and review may be publicly displayed on our brand websites and may be used for marketing purposes to promote our products. Reviews are collected and managed through our external review partner. By submitting a review, you agree to this partner's separate terms and conditions and privacy policy.

  • When you visit the website and accept our cookies, we may collect personal data in the form of online behavior (e.g., the following data: IP address, user-generated data from cookies (e.g., clicks, page viewed, page visits, time spent, products viewed and clicked, orders, average order value), geographic location (country only), correspondence and feedback regarding our products and services, technical data (e.g., language, IP address, device type, browser settings, time zone, operating system, platform), information about how you have interacted with us, i.e., how you have used our services, response times, page errors, how you access and leave the website, etc.), as described in our Cookie Settings. We analyze this information on an aggregated and pseudonymized basis for statistical purposes, to optimize our website, and to market our products and brands by analyzing which parts of our website are visited most frequently. However, our processing of strictly necessary cookies is necessary for our legitimate interest in providing you with a functioning website when you visit and use the services offered on the website. When you access the website and give your consent to our targeting cookies, we will use collected information (IP address, user-generated data from cookies (e.g., clicks, page viewed, page visits, time spent, products viewed and clicked, orders, average order value), geographic location (country only)) for targeted communications on third-party advertising platforms such as Facebook, Google, YouTube, Instagram, etc., to send you messages personalized for you based on your behavior and browsing patterns at specific times and locations on these platforms, in order to increase the effectiveness of our advertising campaigns. 
Your personal data will be shared with third-party advertising platforms, which will attempt to match your profile with their databases to determine the optimal time and place (the website you are currently visiting) to show you one of our advertisements. We also need to analyze necessary information to understand the effectiveness of our advertising. If you do not consent to us tracking your data for this purpose, our advertisements may still be shown to you randomly on other platforms.

  • Conversion and advertising tracking: We use features from external platforms to measure and improve our advertising and conversion analytics. This may include features from Google (such as Google Analytics Enhanced Conversions and Google Ads Enhanced Conversions) and Meta (such as Automatic Advanced Matching and the Conversions API). With your explicit consent, information about events and interactions on the website—such as completed purchases, conversions, order value, and other non-sensitive, transaction-related data—may be shared with these providers to measure, analyze, and optimize the effectiveness of advertising and conversion reporting. Such processing only occurs after you have given your consent via our cookie and consent management solution.

5. WHO ARE THE RECIPIENTS OF THE PERSONAL DATA?

Only those individuals who need to process personal data for the purposes described above have access to your personal data. We may need to share your personal data with our group companies. Your personal data will be processed, if and to the extent necessary, by the company's employees and its consultants, suppliers, service providers, partners, and distributors. For example, our e-commerce team has access to personal data relating to your purchases, and our product managers primarily have access to incoming inquiries and complaints about our products.

The company currently has sister companies in Norway, Denmark, the United Kingdom, France, Austria, Spain, Netherlands, Italy, Belgium and the United States, as well as a sister office in Finland, and is expanding into other countries. The company's parent company is based in Sweden. We may also work with partners in many countries both within and outside the EEA, and in such cases, we may need to share personal data with service providers and legal advisors, for example, who are not based in the EEA.

This means that your personal data may be transferred to countries outside the EEA. Such transfers are based on adequacy decisions by the EU Commission where applicable, and otherwise on the performance of an agreement concluded between us. In other cases, any transfer of your personal data to third countries will be based on appropriate safeguards, such as standard contractual clauses. In exceptional circumstances, we may also carry out such transfers based on your explicit consent, important reasons of public interest, the administration of legal claims, or to protect your vital interests or those of another person.

The Company enters into data processing agreements with third parties who, through their services or collaboration, gain access to personal data or process it on our behalf. We ensure that these third parties process the data in the same lawful and secure manner as we do. More specifically, personal data is transferred to the following categories of service providers who process this data on our behalf:

  • Payment Solution (Shopify Payments)
  • Logistic Services (RHIEM Services GmbH)
  • Newsletter Services (Klaviyo)
  • IT service provider (hosting services) (Shopify)

We also share your personal data with other data controllers. These controllers may include public authorities (police, tax authorities, or other agencies) if we are legally obligated to disclose it or due to suspected criminal activity; payment service providers and banks to facilitate transactions; external legal advisors (lawyers and auditors); courts to protect our rights; other companies that purchase all or part of our business/assets; or transport companies so they can process and deliver your order. When your personal data is shared with other controllers, they are responsible for your personal data, and we refer you to them for further information on how they process your personal data.

Our Site is powered by Shopify. Shopify collects and processes personal data relating to customers in order to operate the Site and provide its services. Information you submit to the Site may be shared with Shopify and with third-party service providers, including providers located in other countries, for the purpose of operating the Site and providing services to you. For more information about how Shopify processes personal data, please see Shopify’s Consumer Privacy Policy: https://www.shopify.com/se/legal/privacy/consumers  

You may have the right to opt out of or object to certain processing activities carried out by Shopify. Information on how to exercise these rights is available at: https://privacy.shopify.com/en 

6. DOES THE COMPANY PROCESS SPECIAL CATEGORIES OF PERSONAL DATA?

The company never processes sensitive data, such as information about ethnic origin and affiliation, political opinions, religious beliefs, or sexual orientation. However, in some cases, we are required to collect and process health data for a limited period for safety reasons, such as information about allergies or other medical conditions that we need to know when organizing travel or training. Such data is processed only after obtaining your explicit consent and is deleted in any case as soon as the purpose for which it was collected no longer applies.

7. HOW LONG WILL PERSONAL DATA BE STORED?

7.1 If our processing of personal data is based on an agreement.

We will store your personal data for the duration of the agreement and delete it when the agreement is terminated. However, the following exceptions apply:

  • If we are legally obliged to retain or disclose your personal data after termination of the agreement, e.g., customer data, we will store the data for as long and to the extent required by law (e.g., up to ten years under tax laws) or as directed by a court or public authority.

  • If this is necessary for the establishment, exercise or defense of legal claims, we will retain relevant personal data until it is no longer required for this purpose.

  • Photos or videos are not automatically deleted upon request or after the conclusion of a specific event, but are used in accordance with our agreement. If you have submitted an unsolicited application for a position at Vitamin Well, we will store your personal data for six months from the application date in order to contact you if a suitable position becomes available.

  • In the case of purchase agreements, we will process your personal data during the term of the contract and thereafter for the duration of the general statutory limitation period of three years in Germany; subsequently, we will delete your personal data unless one of the exceptions described above applies.

7.2 If our processing of personal data is based on our legitimate interest.

Events and competitions: We will retain your personal data until the event or competition is completed (including any evaluation thereof). However, photos and videos from the event will not be automatically deleted after the event has ended, but may be used as long as they are relevant for our marketing purposes.

Questions and complaints about products: We process personal data for two years after receiving it in order to conduct statistical analyses of questions and complaints, to investigate, track and report potential health risks or product problems, to monitor and improve our customer service, to pay compensation and to prevent fraudulent behavior (e.g., unfounded claims for damages).

Website visitors: We process your personal data collected through cookies based on your consent and until the relevant cookie expires or you withdraw your consent.

Ideas etc.: We process all spontaneously received personal data as long as it is relevant to us.

7.3 Where we process personal data based on your consent, we will do so until the consent is withdrawn or for as long as it is necessary for the purposes of the processing of personal data, whichever is earlier.

News updates: We store your personal data for as long as you are subscribed or have expressed interest in our news. You can unsubscribe from our news updates at any time by unsubscribing from our marketing communications.

Advertising campaigns: We process your personal data for as long as you are registered to receive advertising, in order to target advertising campaigns to you and/or exclude you from such campaigns.

7.4 Please note that the above-mentioned retention periods do not apply to the extent that the company is obliged under applicable law (e.g. accounting laws) to retain your personal data (in part or in full).

8. WHAT RIGHTS DO YOU HAVE AS A DATA SUBJECT?

Under applicable laws, you have the following rights:

  • The right to information: You can request information about your personal data at any time. Upon request, we will provide you with a copy of your personal data in a commonly used electronic format.

  • The right to rectification: You are entitled to have incorrect personal data corrected and incomplete personal data completed.

  • The right to erasure: Under certain circumstances (including processing based on your consent), you can ask us to delete your personal data. Please note that this right is not unconditional. Therefore, we may not comply with an attempt to exercise this right.

  • The right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing activities carried out by us concerning your personal data based on our legitimate interests or the legitimate interests of a third party. We will no longer process the personal data for the purposes to which you have objected, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defense of legal claims. The right to object also applies to the processing of your personal data for direct marketing purposes. If personal data is processed for direct marketing purposes, you may object to this processing at any time and without any conditions.

  • The right to restriction of processing: Under certain circumstances, you can request that we restrict the processing of your personal data. Please note that this right is not unconditional. Therefore, we may not comply with an attempt to exercise this right.

  • The right to data portability: You are entitled to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format (or to have such personal data transmitted directly to another controller, where technically feasible), if the processing of your personal data is based on your consent or is necessary for the performance of a contract with you.

If you have any questions or wish to exercise any of your rights, please contact our Data Protection Officer by email at dpo@vitaminwell.com.

9. COOKIES

As part of our approach to providing personalized services on our website, we use cookies to store and sometimes track information about you. A cookie is a small data file that is sent from a web server to your browser and stored on your hard drive, allowing easier access the next time you visit the same page. We only store and access non-essential cookies (i.e., cookies that are not strictly necessary) on your hard drive if you have given your consent.

Please follow the links below for instructions on how to change your browser settings with some of the most common browser providers (please note that these links lead to third-party websites over which we have no control):

Microsoft Internet Explorer
Safari
Firefox
Google Chrome

Please note that after restricting cookies, you may not be able to access all parts of our website, as some website features depend on cookies.

To ensure transparency, we have summarized the cookies used on our website below.

If you click on Cookie Settings, you will find a detailed list of the cookies we use on our website. We categorize cookies as follows:

  • Strictly necessary cookies – These cookies are essential to enable you to move around the website and use its features, such as accessing secure areas of the site. Cookies that allow our website to keep your items in your shopping cart while you shop online are an example of strictly necessary cookies. They are usually only stored in response to actions you take that constitute a request for services, such as setting your privacy preferences, logging in, or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the website will then no longer work. These cookies do not store any personally identifiable information.

  • Functional cookies – These cookies allow the website to remember choices you have made in the past, such as your preferred language or your username and password, so you can be logged in automatically (if we provide a login function). They may be set by us or by third-party providers whose services we have added to our websites. If you do not allow these cookies, some or all of these services may not function properly.

  • Analytics cookies – These cookies, also known as "performance cookies," collect information about how you use our website, such as which pages you have visited and which links you have clicked. None of this information can be used to identify you. It is all collected in aggregated form and therefore anonymously. Their sole purpose is to improve the website's functionality, and if you do not allow these cookies, we will not know when you have visited our website and will not be able to monitor its performance.

  • Marketing cookies – These cookies follow your online activity to help us and our advertisers deliver more relevant advertising to you or to limit how often you see an advertisement. These cookies may be set via our Website by our advertising partners. These cookies may be used by such companies to create a profile of your interests, so as to display relevant advertising to you on other websites. They do not store personal data directly but are based on identifying your browser and internet device. If you do not allow these cookies, you will experience fewer targeted ads/advertising.

If you have consented to all cookies, you can withdraw your consent (except for strictly necessary cookies) via our Cookie Settings.

10. DATA SECURITY

We implement appropriate technical and organizational security measures to protect your personal data from loss and unauthorized access. These appropriate security measures include the implementation of secure private connections, traceability, disaster recovery, and access restrictions.

11. OTHER

We would like to resolve all your complaints amicably. However, you also have the right to lodge a complaint with the competent data protection supervisory authority at any time. You can contact the data protection supervisory authority of the federal state in which you reside or the authority of the federal state in which the data controller is located.

12. CONTACT

The website is operated by Barebells Functional Foods Deutschland GmbH, located at Mittelweg 9, 20148 Hamburg, Germany.

Registration details: Registered in the commercial register.

Registry Court: Hamburg District Court.

Registration number: 153423 B.

If you have any questions regarding our handling of your personal data or our use of cookies, or if you wish to exercise any of your rights under applicable data protection laws, please contact our Data Protection Officer at dpo@vitaminwell.com. Alternatively, you may also contact us at the postal address stated above or at the following address: hello@barebells.de