Privacy Policy

Aroma Networks e.U. - Dominik Scheidl

Version from 26.07.2023

The protection of your personal data is particularly important to us. We therefore process your data exclusively on the basis of the applicable legal provisions (EU General Data Protection Regulation GDPR, TKG 2003). In this data protection information we inform you about the most important aspects of data processing within the scope of our activities.

Our website can usually be used without providing any personal data. If you enter personal data, e.g. for the purpose of establishing contact or subscribing to a newsletter, we will pass on the necessary information to companies that process data on our behalf (e.g. send the newsletter). We only commission companies that are subject to the General Data Protection Regulation.

Encrypted data transmission

For reasons of security and data protection, this website uses SSL encryption, which prevents third parties from intercepting and reading the data you have entered during transmission. You can recognize active encryption by the padlock or similar symbols in the address bar of your browser.

Contact with us

If you contact us using the form on the website, by e-mail or by other means, the data you provide (name, company, e-mail address, telephone number and communication content) will be used for the purpose of processing the request and for the case of follow-up questions stored with us for one year. If a contract results from the request, the statutory retention periods apply. We do not pass on this data without your consent. Data processing takes place on the basis of Art 6 Para 1 lit b (performance of contract) and Art 6 Para 1 lit a (consent) of the GDPR.

General customer management

We maintain a list of customers and prospects and for this purpose store contact information, information about previous orders and inquiries and communication made through various channels (e.g. emails, phone notes, SMS messages, etc.).

We store this data locally on our computers, with our email provider or in secure cloud solutions. The data is stored and processed exclusively within the EU.

We use the services of various providers with whom we have concluded corresponding processor agreements.

The data will not be passed on to third parties and will be stored for 1 year and then deleted if no contractual relationship arises. If a contract has been formed, the statutory retention periods (usually 7 years) apply.

Data processing takes place on the basis of Article 6 Paragraph 1 lit b (performance of contract) and/or lit a (consent) of the GDPR.

Information mails for members

Our members receive regular emails with information about Aroma Networks, doTERRA essential oils, and related topics.

Data processing takes place on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the provision of information relating to products already purchased.

You can cancel the newsletter at any time. Please send your cancellation to the following email address: info@aromanetworks.com or use the corresponding link at the end of the newsletter. We will then immediately delete your data in connection with the newsletter dispatch.

“Brevo”, a brand of Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany, is responsible for sending the newsletter. Your e-mail address, your name, company name, the country in which you are based and the date of your registration and the IP address used are stored on Brevo's servers. Brevo uses this information to send and evaluate the newsletter on our behalf. Brevo also uses the data to optimize its own service, but will under no circumstances pass it on or write to subscribers itself.

The newsletters sent contain small images (tracking pixels) or redirected links for the purpose of statistical evaluation, which we can use to determine whether you have read our newsletter and what type of device you used.

We have entered into a processor agreement with Brevo. Brevo's privacy policy can be found at https://www.brevo.com/de/datenschutz-uebersicht/ .

Server logs

The server from which this website is provided stores information that is automatically transmitted to us by your browser in so-called log files. These are:

  • Browser type and browser version
  • Operating system used
  • The page (URL) from which you came to us
  • The IP address of the accessing computer
  • Time of the request

This data is used exclusively for technical monitoring of the web server (utilization, optimization, error detection, security) and is absolutely necessary for this. They are not connected to other data sources so that they cannot be assigned to individual persons. They will be deleted after three months.

Data processing takes place on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the proper and secure functioning of the website.

Scheduling

We use the Exchange Online calendar from Microsoft Ireland Operations Limited, Atrium Block B, Carmenhall Road, Sandyford Industrial Estate, Dublin 18, Ireland to schedule appointments. Microsoft processes the data you enter (name, e-mail address, telephone number) to save appointments and to manage changes and cancellations. The data is stored exclusively on servers within the EU.

We have concluded a processor contract with Microsoft, in which Microsoft undertakes to comply with the standard contractual clauses defined by the EU Commission. Microsoft's privacy policy can be found at https://privacy.microsoft.com/de-de/privacystatement

Data processing takes place on the basis of Art 6 Para 1 lit b (performance of contract) and Art 6 Para 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the simple and effective booking of appointments by our customers.

We store the data from an appointment booking until the end of the tax retention period (7 years).


Use of Zoom for consultation

We use the online video conferencing solution Zoom for consultations. Zoom is a service of Zoom Video Communications Inc, San Jose, 55 Almaden Boulevard, 6th Floor, CA 95113, USA.

When we communicate using Zoom, the content of the conversation (i.e. sound and video) is encrypted in such a way that only the participants in the conversation can access it. No recordings are made.

In addition, Zoom also processes information entered by you such as name, telephone number or e-mail address and automatically collected data such as your IP address, the MAC address of the device used, the operating system, the client software used, camera, microphone and speaker type, whether they transmit the sound via telephone or VoIP and whether they participate in the conversation with or without video. In addition, the duration of the call, your name in the call and the content of the chat are processed.

Data processing takes place on the basis of Art 6 Para 1 lit b (performance of contract) and Art 6 Para 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the simple and effective implementation of online meetings over the Internet.

Zoom only stores the data for as long as it is necessary to provide the service or the other purposes mentioned above.

We have concluded a processor agreement with Zoom, in which Zoom undertakes to comply with the standard contractual clauses defined by the EU Commission.

Further details on data processing by Zoom can be found here: https://zoom.us/de-de/privacy.html

Cookies

Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do no harm.

We use cookies to make our offer user-friendly. Some cookies remain stored on your end device until you delete them. They enable us to recognize your browser on your next visit.

Some of these cookies are necessary for the operation of the website and save your consent to non-essential cookies, the language you have chosen, are used to log in and enable the shopping cart. If you do not want the necessary cookies to be stored, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases.

The legal basis for the use of required cookies is Art. 6 Para. 1 lit b (performance of contract) or Art. 6 Para. 1 lit f (legitimate interests) of the GDPR. Legitimate interests within the meaning of the GDPR are the proper and secure functioning of the website and the optimization of our offer.

 In addition, other cookies that are not absolutely necessary for the operation of the website may only be stored with your consent. Details on this in the following sections.


Management of consent to cookies and external content

To manage your consent to the use of cookies, tracking, external content and similar technologies, we use the Real Cookie Banner consent management tool. Details on how it works and data processing can be found at https://devowl.io/rcb/data-processing/.

Data processing takes place on the basis of Article 6 Paragraph 1 lit c (statutory provisions) and lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the effective management of consent to the use of cookies, external content and the like.


Matomo Webanalysis

We use the Matomo software solution to get a better overview of how visitors use our website. an open-source software that we use as a locally installed application.

No cookies are set and your IP address is anonymized, which means that we cannot recognize you on subsequent visits.

 We do not pass on any data to third parties, the evaluation takes place exclusively on our web server

When you visit our website, the following information is processed:

  • the first two bytes of the visitor's IP address (therefore anonymous)
  • the pages viewed during a session
  • the website from which you came to us (all parameters are removed)
  • how long you stay on our website

Data processing takes place on the basis of Article 6 Paragraph 1 lit f (legitimate interests) of the GDPR. The legitimate interest within the meaning of the GDPR is the improvement of the website by adapting it to the interests of website visitors.

Hubspot Analytics

With your consent, our website uses the "Website Analytics" function of the provider HubSpot, Inc., Two Canal Park, Cambridge, MA 02141, USA. Cookies are used for this purpose, which enable an analysis of the use of the website by your visitors. The information generated in this way is transferred to the provider's server and stored there.

If you have agreed to the use of Hubspot Website Analytics, cookies will be set in your browser that identify you when you visit our website again and allow us to distinguish between visitors and analyze what you have viewed on previous visits to our website.

We have concluded a processor contract with Hubspot, in which Hubspot undertakes to comply with the standard contractual clauses defined by the EU Commission.

Data processing takes place on the basis of the legal provisions of Section 96 Paragraph 3 TKG and Art 6 Paragraph 1 lit a (consent) of the GDPR.

The Hubspot data protection declaration and further information on data protection can be found under the following links: https://legal.hubspot.com/de/privacy-policy and https://legal.hubspot.com/de/cookie-policy

Members area

A members' area has been set up on our website, which you can access after purchasing certain products. In order to restrict access to buyers, we store your e-mail address, name, the date of the order, payment information and the password for your access.

This data is required to fulfill the contract, without it we cannot provide all the services purchased. After termination of your membership, the access data will be deleted immediately, as well as in the event of default of payment despite repeated reminders. In both cases, access to the members' area is then no longer possible. Data relevant to financial accounting is kept for 7 years.

Data processing takes place on the basis of the legal provisions of Art 6 Para 1 lit b (performance of contract) of the GDPR.


Accounting

For the purpose of accounting, the following data of our customers are stored by us: name, company, address, telephone number, e-mail address, VAT ID, bank details, transactions made, invoices. This data will not be passed on, with the exception of transmission to the processing bank/payment service provider for the purpose of debiting, as well as to our tax consultant for accounting purposes and to fulfill our tax obligations. The data is stored exclusively within the EU.

The data you provide is required to fulfill the contract or to carry out pre-contractual measures. Without this data we cannot conclude and fulfill the contract with you.

All data from a contractual relationship will be stored until the end of the tax retention period (7 years).

Data processing takes place on the basis of Art 6 Para 1 lit c (statutory provisions) of the GDPR and Art 6 Para 1 lit b (necessary for the fulfillment of the contract) of the GDPR.


Aroma Networks Memberships, doTERRA Profiles, and Enrollment Kits

For the purpose of managing Aroma Networks memberships, we store your name, company, address, e-mail address, telephone number, referral code and access data for the Aroma Networks member area and your doTERRA profile.

At the beginning of the membership we create a doTERRA profile for you and order the desired enrollment kit. For this purpose, we pass on your name, company, address, e-mail address and telephone number to doTERRA, dōTERRA Europe Marketing GmbH, Konrad-Zuse-Platz 8, 81829 Munich, Germany. You can find more information about data processing by doTERRA here: https://www.doterra.com/ME/en_ME/privacy-policy-austria

doTERRA provides access data for your doTERRA profile after registration. We share this information with you and store it as part of your Aroma Networks profile.

This data is retained permanently to allow membership to be reinstated. However, the data will be deleted at your request, provided they do not serve any statutory retention periods.

Data processing takes place on the basis of Article 6 Paragraph 1 lit b (performance of contract) and/or lit a (consent) of the GDPR.


Verification of new members

Our service is only available to companies, so we check your contact details and company status before setting up membership. For this we use your name, company, address, e-mail address, telephone number, bank details, UID, website and other data provided by you for this purpose.

If necessary for verification, we pass this information on to authorities and service providers, in particular to the commercial court, economic chamber or magistrate).

Data processing takes place on the basis of Article 6 Paragraph 1 lit b (performance of contract) and/or lit a (consent) of the GDPR.

Your rights

In principle, you have the right to information, correction, deletion, restriction, data transferability, revocation and objection. Corresponding inquiries can be addressed to the e-mail address info@aromanetworks.com .

If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority.


You can reach us using the following contact details:

Aroma Networks e.U.
Dominik Scheidl
Donaufelderstrasse 235/33
1220 Vienna
Austria

>
en_USEN
GDPR Cookie Consent with Real Cookie Banner