Privacy policy

As of March 2026

We are pleased that you are visiting www.zimplynatural.com. If you have any questions afterwards or if anything is unclear, you can contact us by e-mail at kontakt@zimplynatural.de. We are at your disposal.

I. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection regulations is:

ZIMPLY NATURAL GmbH
Landwehrstr. 35
80336 Munich
Germany
+49 89 21527617
kontakt@zimplynatural.de
www.zimplynatural.com

II. Contact details of the data protection officer

The data protection officer of the controller is:

DataCo GmbH
Dachauer Street 65
80335 Munich
Germany
+49 89 7400 45840
https://www.dataguard.de

III. General information on data processing

1. Scope of the processing of personal data

We only process our users' personal data insofar as this is necessary to provide a functional website and our content and services. As a rule, our users' personal data is processed only with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is required by law.

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a GDPR serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

IV. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

  • Right to information: You have the right to receive information about the personal data stored about you (Art. 15 GDPR).
  • Right to rectification: If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).
  • Erasure/restriction: If the legal requirements are met, you can request the erasure or restriction of processing (Art. 17 and 18 GDPR).
  • Data portability: If you have consented to the data processing or a contract exists and the processing is automated, you may have a right to data portability (Art. 20 GDPR).
  • Right to lodge a complaint: You also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR (Article 21(1) GDPR). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims. The objection can be made informally.

V. Provision of the website and creation of log files

1. Description and scope of data processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system accesses our website
  • Websites that are accessed by the user's system via our website
  • Specific subpage called up

This data is stored in the log files of our system. This data is not stored together with other personal data of the user.

2. Purpose of data processing

Temporary storage of the IP address is necessary to enable delivery of the website to the user's computer. Storage in log files is carried out to ensure the functionality of the website and to optimize and ensure the security of our information technology systems. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

3. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, at the latest after 14 days. Storage beyond this period is possible; in that case the IP addresses are deleted or obscured.

VI. Use of cookies

Our website uses cookies. Technically necessary cookies are used on the basis of § 25 para. 2 TTDSG in conjunction with Art. 6 para. 1 lit. f GDPR. Technically unnecessary analysis cookies are only used with your consent in accordance with § 25 para. 1 TTDSG in conjunction with Art. 6 para. 1 lit. a GDPR. You can change your cookie settings at any time via the "Change cookie settings" link on our website.

VII. Newsletter and advertising emails

You can subscribe to a free newsletter on our website. We use the email marketing tool Maileon from XQueue GmbH, Christian-Pleß-Str. 11-13, 63069 Offenbach am Main (server location: Germany). The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR in the case of consent; for advertising emails to existing customers it is Art. 6 para. 1 sentence 1 lit. f GDPR. The subscription can be canceled at any time via the unsubscribe link in the newsletter.

Further information: https://maileon.com/datenschutz/

VIII. E-mail contact

If you contact us by email, the personal data transmitted will be stored and used exclusively for processing the conversation. We use Microsoft 365 (Microsoft Ireland Operations Limited, Dublin) for this purpose. Data may be transferred to the USA; this is protected by standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR. The legal basis is Art. 6 para. 1 lit. f GDPR or lit. b GDPR in the case of contract initiation. The data will be deleted as soon as the matter has been finally clarified. Objection: kontakt@zimplynatural.de

IX. Contact form

The e-mail address, surname, first name, IP address, subject and message are stored via our contact form. The data is used exclusively for processing the contact request. The legal basis is Art. 6 para. 1 sentence 1 lit. a or lit. f GDPR. The data will be deleted as soon as the conversation is completed, at the latest after 7 days for additionally collected data. Objection: kontakt@zimplynatural.de

X. Application by e-mail

Application data (including name, address, CV, references) are processed exclusively for the purpose of processing the application. The legal basis is Art. 6 para. 1 sentence 1 lit. b alt. 1 GDPR in conjunction with § 26 para. 1 sentence 1 BDSG. After completion of the application process, the data will be deleted after six months at the latest.
Objection: kontakt@zimplynatural.de

XI. Company presence in social networks

We maintain company presences on Facebook, Instagram (Meta Platforms Ireland Ltd.), Pinterest (Pinterest Europe Ltd.), and YouTube (YouTube LLC / Google Ireland Limited) for communication, information and marketing purposes. If you perform actions on these platforms, personal data may become public. We have no influence on data processing by the respective platform operators. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.
Objection: kontakt@zimplynatural.de

Further information: Instagram: https://help.instagram.com | Pinterest: https://policy.pinterest.com/de/privacy-policy | YouTube: https://policies.google.com/privacy

XII. Company presence in career-oriented networks

We maintain a LinkedIn corporate presence (LinkedIn Unlimited Company, Dublin, Ireland) for information purposes, PR and active sourcing. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR. Objection: kontakt@zimplynatural.de

Further information: https://www.linkedin.com/legal/privacy-policy

XIII. Hosting

The website is hosted by: netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany. The server is geographically located within the European Union (EU). Server log files are stored on the basis of Art. 6 para. 1 lit. f GDPR and are not merged with other data sources.

XIV. Partner program

We offer a self-managed affiliate program. We process buyer data (e.g. device information, IP address, order information) and affiliate data (e.g. name, email, bank details). The legal basis for buyer data is Art. 6 para. 1 sentence 1 lit. a GDPR, for affiliate data Art. 6 para. 1 sentence 1 lit. b GDPR. The data is stored for as long as necessary to fulfill the purposes or as required by law.

XV. Plugins and services used

Use of an AI-supported customer support chatbot

1. Scope and purpose of data processing

We operate an AI-supported chatbot for customer support on our website. We process the content of your chat conversation as well as the contact details you voluntarily provide (first name, surname, email address, telephone number if applicable). The purpose of the processing is to process your request and forward it to our customer support team if manual processing is required.

You will be informed about data processing at the start of every chat conversation. Providing a telephone number is voluntary and has no influence on the processing of your request if this is possible by e-mail.

2. Services and infrastructure used

The chatbot uses an AI language model via Microsoft Azure (Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). We operate the chat service on our own server instance in a German data center within the EU. Your data will not be passed on to third parties. A data processing agreement has been concluded with Microsoft in accordance with Art. 28 GDPR.

3. Legal basis

Processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR in the case of contract-related inquiries and on the basis of Art. 6 para. 1 lit. f GDPR in the case of general inquiries (legitimate interest: efficient customer support). The chatbot does not make automated decisions within the meaning of Art. 22 GDPR; final decisions are always made by human employees.

4. Third country transfer

Data may be transferred to the USA as part of Azure AI processing. This is secured by EU standard data protection clauses (Art. 46 para. 2 lit. c GDPR) and Microsoft's certification under the EU-US Data Privacy Framework.

5. Storage period and objection

Your data will be deleted as soon as the request has been finally processed, provided that there are no statutory retention obligations to the contrary. For inquiries relating to orders, commercial and tax law deadlines apply (up to 10 years). Please send any objections to the processing to: kontakt@zimplynatural.de

Use of Facebook Pixel

We use the Facebook pixel (Meta Platforms Ireland Ltd., Dublin) to measure the effectiveness of Facebook ads. The data collected is anonymous to us. The legal basis is the consent of the user (Art. 6 para. 1 sentence 1 lit. a GDPR). Data transfer to the USA is possible. Consent can be revoked via the cookie settings. Further information: https://de-de.facebook.com/policy.php

Use of Google AdWords / Google Ads Enhanced Conversions

We use Google AdWords and Google Ads Enhanced Conversions (Google Ireland Ltd., Dublin) to place and measure the success of advertisements. Enhanced Conversions transmits hashed customer data (SHA-256) to Google for comparison with existing Google accounts; after the comparison, the hash values are deleted. The legal basis is consent (Art. 6 para. 1 sentence 1 lit. a GDPR in conjunction with § 25 para. 1 TTDSG). Data is transferred to the USA on the basis of standard data protection clauses; Google is certified in accordance with the EU-US Data Privacy Framework. Consent can be revoked via the cookie settings. Further information: https://policies.google.com/privacy

Use of Google Analytics

We use Google Analytics (Google Ireland Ltd., Dublin) for web analysis. Cookies are set and user data (including IP address, anonymized) is transferred to Google servers in the USA. The legal basis is consent (Art. 6 para. 1 sentence 1 lit. a GDPR). The browser plugin available at https://tools.google.com/dlpage/gaoptout prevents this collection.

Use of Matomo

We use the open source tool Matomo to analyze surfing behavior. Matomo can be used without cookies (legal basis: Art. 6 para. 1 lit. f GDPR) or with cookies after consent (Art. 6 para. 1 sentence 1 lit. a GDPR). IP addresses are anonymized (2 bytes masked). They are not transmitted to third parties. Further information: https://matomo.org/privacy-policy/

Use of Trusted Shops

A trust badge is used to display our Trusted Shops seal of approval (Trusted Shops GmbH, Cologne). Server log file data (including IP address) is recorded. Further personal data is only transmitted with express consent. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Access data is deleted after 90 days at the latest.

Use of YouTube

We embed YouTube videos (YouTube LLC / Google Ireland Limited) on our website. When you visit our website, your browser establishes a connection with YouTube servers. The legal basis is consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Further information: https://policies.google.com/privacy

Use of Google Tag Manager

The Google Tag Manager (Google Ireland Ltd.) manages tags on our website. It does not itself access personal data; the triggering of the tags is governed by the applicable data protection provisions of the integrated services. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

Use of Zendesk

We use Zendesk (Zendesk, Inc., San Francisco, USA) for our customer support. Name, address, telephone number and e-mail may be processed. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR or lit. b in the case of contract initiation. Further information: https://www.zendesk.de/company/customers-partners/privacy-policy/

Use of Calendly

We use Calendly (Calendly LLC, Atlanta, USA) for appointment scheduling. Log, device and account information is processed. Data is transferred to the USA (standard data protection clauses pursuant to Art. 46 para. 2 lit. c GDPR). The legal basis is Art. 6 para. 1 sentence 1 lit. a or lit. b GDPR. Further information: https://calendly.com/de/pages/privacy

Use of Webinargeek

We use Webinargeek (Chroomstraat 12, Zoetermeer, Netherlands) to conduct webinars. First name, email address, IP address and form entries are processed. The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR.

Use of the OpenAI model via Microsoft Azure (configurator)

For our product configurator, we use the OpenAI model via Microsoft Azure (Microsoft Ireland Operations Limited, Dublin). The service processes symptom descriptions anonymously, without user identification. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

Use of Adverfly

We use conversion tracking technology from Adverfly GmbH, Südring 1a, 51702 Bergneustadt. This involves reading end device and browser information and, if applicable, IP addresses. The legal basis is consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Further information: https://www.adverfly.com/de/privacy-policy

Use of Google Ads Customer Match

We use Google Ads Customer Match with your consent or within the scope of our legitimate interest (Art. 6 para. 1 lit. a and f GDPR). Encrypted user data (e.g. email addresses) is uploaded to Google and automatically deleted after matching. The recipient is Google Ireland Limited (EU-US Data Privacy Framework certified).

Use of Outbrain

We use Outbrain (Outbrain UK Limited, London) to display reading recommendations on a pseudonymized basis. The legal basis is consent (Art. 6 para. 1 sentence 1 lit. a GDPR). Opt-out possible at: https://my.outbrain.com/recommendations-settings/home

XVI. Configurator and webshop

The buyer uses our configurator to create individual products. Among other things, application-specific health data, psychographic characteristics, year of birth, gender, weight, height and first name are collected; in some cases this is health data (special categories according to Art. 9 GDPR). When you place an order, we also collect your name, billing and delivery address, email address, telephone number (if applicable) and payment details.

The configuration data is not passed on to third parties. The partner pharmacy only receives the resulting prescription and the order data. Ninox Software GmbH, Berlin is used for data exchange with the pharmacy. Legal basis: Art. 9 para. 2 in conjunction with Art. 6 para. 1 lit. a GDPR and Art. 6 para. 1 lit. b GDPR.

XVII. Payment options

We use Stripe Inc (510 Townsend Street, San Francisco, CA 94103, USA) for payment processing. The following payment methods are available via Stripe: Credit card, direct debit, Apple Pay and Google Pay. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR. Payment data will be deleted after 10 years at the latest. Further information: https://stripe.com/de/privacy

In addition, payment via PayPal (PayPal (Europe) S.à.r.l. & Cie. S.C.A., Luxembourg) and Klarna (Klarna AB, Stockholm) is offered. Details on the respective data protection regulations can be found at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/ and https://www.klarna.com/de/datenschutz/ respectively.

XVIII. Shipping service provider

To deliver your orders, we send your name, address and email address to DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn. The legal basis is Art. 6 para. 1 lit. b GDPR. The data will be deleted by the shipping service provider after successful delivery. The notification service can be canceled at any time via the opt-out link in the shipping email.

This privacy policy was created with the support of DataGuard and last updated in March 2026.
