BEAUTEK Business Club:

Mehr Vorteile, mehr Sicherheit, mehr Studio-Erfolg Hier ansehen

This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the websites, functions, and content associated with it, as well as external online presences, such as our social media profiles (hereinafter collectively referred to as the “online offering”).
With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller

BEAUTEK GmbH
Numbachstraße 58
57072 Siegen
Germany

Email: info@beautek.de
Managing Directors: David Erich & Brigitte Erich
Link to legal notice (Imprint): https://www.beautek.de/Impressum
Data protection officer contact: asadi@beautek.de

Types of Data Processed

Inventory data (e.g. names, addresses)
Contact data (e.g. email addresses, telephone numbers)
Content data (e.g. text entries, photographs, videos)
Usage data (e.g. websites visited, interest in content, access times)
Meta/communication data (e.g. device information, IP addresses)

Categories of Data Subjects

Visitors and users of the online offering (hereinafter we also refer to the data subjects collectively as “users”).

Purpose of Processing

Provision of the online offering, its functions and content
Responding to contact requests and communicating with users
Security measures
Reach measurement/marketing

Terminology Used

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Relevant Legal Bases

In accordance with Article 13 GDPR, we inform you of the legal bases of our data processing. Unless the legal basis is specified in this privacy policy, the following applies:

The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR.
The legal basis for processing for the performance of our services and the execution of contractual measures, as well as for responding to enquiries, is Article 6(1)(b) GDPR.
The legal basis for processing for compliance with our legal obligations is Article 6(1)(c) GDPR.
The legal basis for processing for the purposes of our legitimate interests is Article 6(1)(f) GDPR.

In cases where the vital interests of the data subject or another natural person require the processing of personal data, Article 6(1)(d) GDPR serves as the legal basis.

Security Measures

In accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation, the nature, scope, context, and purposes of processing, as well as the varying likelihood and severity of risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity, and availability of data by controlling physical access to the data, as well as access, input, transfer, availability, and separation of the data. Furthermore, we have procedures in place to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also take the protection of personal data into account during the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default (Article 25 GDPR).

Cooperation with Processors and Third Parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access to the data, this is done only on the basis of a legal permission (e.g. where a transfer of data to third parties, such as payment service providers, is required for the performance of a contract pursuant to Article 6(1)(b) GDPR), if you have given your consent, if a legal obligation provides for this, or on the basis of our legitimate interests (e.g. when using agents, web hosting providers, etc.).

Where we commission third parties with the processing of data on the basis of a so-called “data processing agreement”, this is done on the basis of Article 28 GDPR.

Transfers to Third Countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of the use of services of third parties or the disclosure or transfer of data to third parties, this is done only if it is necessary for the performance of our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation, or on the basis of our legitimate interests.

Subject to legal or contractual permissions, we process or have data processed in a third country only where the special requirements of Articles 44 et seq. GDPR are met. This means that processing takes place, for example, on the basis of special safeguards, such as an officially recognised level of data protection equivalent to that of the EU (e.g. by “Privacy Shield” for the USA) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of Data Subjects

You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data, as well as further information and a copy of the data in accordance with Article 15 GDPR.

In accordance with Article 16 GDPR, you have the right to request the rectification of inaccurate data concerning you or the completion of incomplete data concerning you.

In accordance with Article 17 GDPR, you have the right to request that data concerning you be deleted without undue delay, or alternatively, in accordance with Article 18 GDPR, to request restriction of the processing of the data.

In accordance with Article 20 GDPR, you have the right to receive the data concerning you that you have provided to us and to request its transmission to another controller.

You also have the right, in accordance with Article 77 GDPR, to lodge a complaint with the competent supervisory authority.

Right to Withdraw Consent

You have the right to withdraw consent granted in accordance with Article 7(3) GDPR with effect for the future.

Right to Object

You may object at any time, in accordance with Article 21 GDPR, to the future processing of data concerning you. The objection may in particular be made against processing for direct marketing purposes.

Cookies and Right to Object to Direct Marketing

“Cookies” are small files stored on the user’s device. Different information may be stored within cookies. A cookie primarily serves to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering.

“Session cookies” or “transient cookies” are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie may, for example, store the contents of a shopping cart in an online shop or a login status.

“Permanent” or “persistent” cookies are those that remain stored even after the browser is closed. For example, a login status can be saved if users visit the site again after several days. Likewise, the interests of users may be stored in such a cookie, which is used for reach measurement or marketing purposes.

“Third-party cookies” are cookies that are offered by providers other than the controller operating the online offering (otherwise, if only its cookies are used, they are referred to as “first-party cookies”).

We may use temporary and permanent cookies and provide information about this in our privacy policy.

If users do not wish cookies to be stored on their device, they are asked to deactivate the corresponding option in their browser’s system settings. Stored cookies can be deleted in the browser’s system settings. The exclusion of cookies may lead to functional limitations of this online offering.

A general objection to the use of cookies used for online marketing purposes can be declared for many services, especially in the case of tracking, via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be prevented by disabling them in the browser settings. Please note that, in that case, not all functions of this online offering may be fully usable.

Erasure of Data

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and no legal retention obligations prevent deletion.

If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

In accordance with legal requirements in Germany, retention is in particular for 10 years in accordance with Section 147(1) AO and Section 257(1) Nos. 1 and 4, (4) HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with Section 257(1) Nos. 2 and 3, (4) HGB (commercial letters).

In accordance with legal requirements in Austria, retention is in particular for 7 years pursuant to Section 132(1) BAO (accounting records, vouchers/invoices, accounts, receipts, business papers, statement of income and expenditure, etc.), for 22 years in connection with real estate, and for 10 years for documents relating to services supplied electronically, telecommunication, broadcasting, and television services supplied to non-entrepreneurs in EU Member States, where the Mini-One-Stop-Shop (MOSS) is used.

Business-Related Processing

In addition, we process:

Contract data (e.g. subject matter of contract, term, customer category)
Payment data (e.g. bank details, payment history)

of our customers, prospective customers, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.

Order Processing in the Online Shop and Customer Account

We process the data of our customers in the context of order processes in our online shop in order to enable them to select and order the chosen products and services, as well as their payment and delivery or execution.

The data processed includes inventory data, communication data, contract data, payment data, and the data subjects include our customers, prospective customers, and other business partners. The processing is carried out for the purpose of providing contractual services in the context of operating an online shop, billing, delivery, and customer service. In this context, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.

Processing is based on Article 6(1)(b) GDPR (execution of order processes) and Article 6(1)(c) GDPR (legally required archiving). The information marked as required is necessary for the conclusion and performance of the contract. We disclose the data to third parties only within the scope of delivery, payment, or within the scope of legal permissions and obligations vis-à-vis legal advisers and authorities. Data is processed in third countries only if this is necessary for contract performance (e.g. at the customer’s request in the case of delivery or payment).

Users may optionally create a user account, in particular by viewing their orders. As part of the registration, the required mandatory information is communicated to the users. User accounts are not public and cannot be indexed by search engines. If users have terminated their user account, their data in relation to the user account will be deleted, subject to retention being required for commercial or tax law reasons in accordance with Article 6(1)(c) GDPR. Information in the customer account remains until its deletion with subsequent archiving where there is a legal obligation. It is the responsibility of users to back up their data before the end of the contract if their account has been terminated.

In the context of registration and renewed logins as well as the use of our online services, we store the IP address and the time of the respective user action. Storage is based on our legitimate interests, as well as those of the users, in protection against misuse and other unauthorised use. As a rule, this data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so pursuant to Article 6(1)(c) GDPR.

Deletion takes place after expiry of statutory warranty and comparable obligations; the necessity of retention is reviewed every three years. In the case of statutory archiving obligations, deletion takes place after their expiry (end of 6-year commercial law and 10-year tax law retention obligations).

Agency Services

We process the data of our customers in the context of our contractual services, which include conceptual and strategic consulting, campaign planning, software and design development/consulting or maintenance, implementation of campaigns and processes/handling, server administration, data analysis/consulting services, and training services.

In this regard, we process inventory data (e.g. customer master data such as names or addresses), contact data (e.g. email addresses, telephone numbers), content data (e.g. text entries, photographs, videos), contract data (e.g. subject matter of contract, term), payment data (e.g. bank details, payment history), usage and metadata (e.g. within the scope of the evaluation and measurement of the success of marketing measures). As a rule, we do not process special categories of personal data unless these are components of commissioned processing. The data subjects include our customers, prospective customers, and their customers, users, website visitors, or employees, as well as third parties. The purpose of processing is the provision of contractual services, billing, and our customer service. The legal bases of processing are Article 6(1)(b) GDPR (contractual services) and Article 6(1)(f) GDPR (analysis, statistics, optimisation, security measures). We process data that is necessary for the establishment and performance of the contractual services and draw attention to the necessity of their provision. Disclosure to external parties takes place only if it is required in the context of an order.

In processing data that has been provided to us in the context of an order, we act in accordance with the instructions of the client and the legal requirements for commissioned processing in accordance with Article 28 GDPR and do not process the data for any purposes other than those specified in the order.

We delete the data after expiry of statutory warranty and comparable obligations. The necessity of retention is reviewed every three years; in the case of statutory archiving obligations, deletion takes place after their expiry (6 years pursuant to Section 257(1) HGB, 10 years pursuant to Section 147(1) AO). For data disclosed to us in the context of an order by the client, we delete the data in accordance with the specifications of the order, generally after the end of the order.

Use of External Payment Service Providers

We use external payment service providers through whose platforms users and we can carry out payment transactions (e.g. with links to their privacy policies: PayPal (https://www.paypal.com/de/webapps/mpp/ua/privacy-full), Klarna (https://www.klarna.com/de/datenschutz/), Skrill (https://www.skrill.com/de/fusszeile/datenschutzrichtlinie/), Giropay (https://www.giropay.de/rechtliches/datenschutz-agb/), Visa (https://www.visa.de/datenschutz), Mastercard (https://www.mastercard.de/de-de/datenschutz.html), American Express (https://www.americanexpress.com/de/content/privacy-policy-statement.html)).

In the context of fulfilling contracts, we use payment service providers on the basis of Article 6(1)(b) GDPR. Otherwise, we use external payment service providers on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR in order to offer our users effective and secure payment options.

The data processed by the payment service providers includes inventory data, such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums, as well as contract, total, and recipient-related information. The information is required to carry out the transactions. However, the data entered is processed and stored only by the payment service providers. This means we do not receive any account or credit card-related information, only information confirming or negating the payment. In some circumstances, the data may be transmitted by the payment service providers to credit reference agencies. This transmission is intended to verify identity and creditworthiness. For this, we refer to the terms and privacy notices of the payment service providers.

For payment transactions, the terms and conditions and privacy notices of the respective payment service providers apply, which are accessible within the respective websites or transaction applications. We also refer you to these for further information and the assertion of your rights of withdrawal, access, and other data subject rights.

Administrative, Financial, and Office Organisation

We process data in the context of administrative tasks and the organisation of our operations, financial accounting, and compliance with legal obligations, such as archiving. In doing so, we process the same data that we process in the context of the provision of our contractual services. The legal bases for processing are Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Data subjects are customers, prospective customers, business partners, and website visitors. The purpose and our interest in the processing lie in administration, financial accounting, office organisation, and data archiving, tasks that serve the maintenance of our business activities, performance of our duties, and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the information provided for these processing activities.

We disclose or transmit data to the tax authorities, consultants such as tax advisers or auditors, as well as other fee offices and payment service providers.

Furthermore, we store information on suppliers, organisers, and other business partners on the basis of our business interests, e.g. for the purpose of later contact. This predominantly business-related data is stored as a rule on a long-term basis.

Business Analyses and Market Research

In order to run our business economically and to be able to recognise market trends, customer and user wishes, we analyse the data available to us from business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, and metadata on the basis of Article 6(1)(f) GDPR, with the data subjects including contractual partners, prospective customers, customers, visitors, and users of our online offering.

The analyses are carried out for the purpose of business evaluations, marketing, and market research. We may take into account the profiles of registered users with information such as the services they have used. The analyses serve to increase user-friendliness, optimise our offering, and improve business efficiency. The analyses are solely for our use and are not disclosed externally, unless they are anonymous analyses with aggregated values.

If such analyses or profiles are personal, they are deleted or anonymised upon termination of the users’ accounts, otherwise after two years from the conclusion of the contract. In all other respects, the overall business analyses and general tendency determinations are prepared anonymously where possible.

Registration Function

Users can create a user account. As part of the registration process, the required mandatory information is communicated to the users and processed on the basis of Article 6(1)(b) GDPR for the purpose of providing the user account. The processed data includes in particular the login information (name, password, and email address). The data entered during registration is used for the purposes of using the user account and its purpose.

Users can be informed by email about information relevant to their user account, such as technical changes. If users terminate their user account, the data relating to the user account will be deleted, subject to legal retention obligations. It is the responsibility of the users to back up their data before the end of the contract. We are entitled to irretrievably delete all data stored during the term of the contract.

In the context of the use of our registration and login functions and the use of the user account, we store the IP address and the time of each user action. Storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. As a rule, this data is not passed on to third parties, unless it is required for the pursuit of our claims or there is a legal obligation to do so pursuant to Article 6(1)(c) GDPR. IP addresses are anonymised or deleted after no later than 7 days.

Contacting Us

When contacting us (e.g. via contact form, email, telephone, or social media), the user’s details are processed for handling the contact request and its processing in accordance with Article 6(1)(b) GDPR. User details may be stored in a customer relationship management system (“CRM system”) or comparable request organisation.

We delete the enquiries if they are no longer necessary. We review necessity every two years; statutory archiving obligations also apply.

The following information informs you about the content of our newsletter, the registration, dispatch and statistical evaluation procedure, and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter: We send newsletters, emails, and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the content of the newsletter is specifically described during registration, it is decisive for the user’s consent. Otherwise, our newsletters contain information about our services and us.

Double opt-in and logging: Registration for our newsletter is carried out in a so-called double opt-in process. This means that after registration, you receive an email asking you to confirm your registration. This confirmation is necessary to ensure that no one can register with third-party email addresses. Newsletter registrations are logged in order to be able to prove the registration process in accordance with legal requirements. This includes storage of the registration and confirmation time, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Registration data: To register for the newsletter, it is sufficient to provide your email address. We optionally ask you to provide a name for personal salutation in the newsletter.

The dispatch of the newsletter and the performance measurement associated with it are based on the consent of the recipients pursuant to Article 6(1)(a) and Article 7 GDPR in conjunction with Section 7(2) No. 3 UWG, or, if consent is not required, on the basis of our legitimate interests in direct marketing pursuant to Article 6(1)(f) GDPR in conjunction with Section 7(3) UWG.

The logging of the registration process is based on our legitimate interests pursuant to Article 6(1)(f) GDPR. Our interest is in the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users, and also allows us to prove consent.

Cancellation/withdrawal – You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent. A link to cancel the newsletter can be found at the end of each newsletter. We may store unsubscribed email addresses for up to three years on the basis of our legitimate interests before deleting them, in order to be able to prove previously given consent. The processing of this data is limited to the purpose of a possible defence of claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

Newsletter – Newsletter2Go

The newsletter is sent using the mailing service provider Newsletter2Go GmbH, Nürnberger Straße 8, 10787 Berlin, Germany. You can view the mailing service provider’s privacy policy here: https://www.newsletter2go.de/datenschutz/. The mailing service provider is used on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR and a data processing agreement pursuant to Article 28(3) sentence 1 GDPR.

The mailing service provider may use the data of recipients in pseudonymous form, i.e. without attribution to a user, to optimise or improve its own services, e.g. for technical optimisation of the dispatch and presentation of the newsletter or for statistical purposes. However, the mailing service provider does not use the data of our newsletter recipients to contact them itself or to pass them on to third parties.

Newsletter – Performance Measurement

The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from our server, or, if we use a mailing service provider, from its server, when the newsletter is opened. In the course of this retrieval, technical information such as information about the browser and your system, as well as your IP address and time of retrieval, is collected.

This information is used to technically improve the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the aid of the IP address) or the access times. The statistical surveys also include determining whether newsletters are opened, when they are opened, and which links are clicked. From a technical perspective, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor, if used, that of the mailing service provider to observe individual users. Rather, the analyses serve to identify the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Separate withdrawal of performance measurement is unfortunately not possible; in such a case, the entire newsletter subscription must be cancelled.

Hosting and Email Dispatch

The hosting services used by us are for the provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services, and technical maintenance services that we use for the purpose of operating this online offering.

In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, prospective customers, and visitors of this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering in accordance with Article 6(1)(f) GDPR in conjunction with Article 28 GDPR (conclusion of a data processing agreement).

Collection of Access Data and Log Files

We or our hosting provider collect, on the basis of our legitimate interests within the meaning of Article 6(1)(f) GDPR, data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, data volume transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Log file information is stored for security reasons (e.g. for the investigation of misuse or fraud) for a maximum period of 7 days and then deleted. Data which must be retained for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thereby e.g. integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of users. With regard to the processing of personal data of users, reference is made to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.

Google Analytics

We use, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our online offering within the meaning of Article 6(1)(f) GDPR), Google Analytics, a web analysis service of Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users’ use of the online offering is generally transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google will use this information on our behalf to evaluate users’ use of our online offering, to compile reports on activities within this online offering, and to provide us with further services relating to the use of this online offering and internet usage. In doing so, pseudonymous usage profiles of the users may be created from the processed data.

We use Google Analytics only with IP anonymisation activated. This means that the IP address of users is shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.

The IP address transmitted by the user’s browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent the collection of data generated by the cookie and related to their use of the online offering by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on data use by Google, settings, and objection options can be found in Google’s privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).

The personal data of users is deleted or anonymised after 14 months.

We use Google Analytics to display ads placed within Google’s and its partners’ advertising services only to users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined by the websites visited) that we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, we also wish to ensure that our ads correspond to the potential interest of users.

Google AdWords and Remarketing

We use the online marketing procedure Google “AdWords” to place ads in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who are presumed to be interested in the ads. This allows us to display ads for and within our online offering more specifically, in order to present users only with ads that potentially match their interests. If, for example, a user is shown ads for products in which they have shown interest on other online offerings, this is referred to as “remarketing”. For these purposes, when our and other websites on which the Google advertising network is active are accessed, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, comparable technologies may also be used). This file records which websites the user has visited, which content they are interested in, and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit time, and other details on the use of the online offering.

We also receive an individual “conversion cookie”. The information collected using the cookie is used by Google to compile conversion statistics for us. We only learn the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. We do not receive information that personally identifies users.

The data of users is processed within the Google advertising network in pseudonymous form. This means that Google does not store and process, for example, the name or email address of users, but processes the relevant data cookie-related within pseudonymous user profiles. This means that from Google’s perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly permitted Google to process the data without such pseudonymisation. The information collected about users is transmitted to Google and stored on Google servers in the USA.

Online Presence in Social Media

We maintain online presences within social networks and platforms in order to communicate with customers, prospective customers, and users who are active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and data processing policies of their respective operators apply.

Unless otherwise stated in our privacy policy, we process users’ data if they communicate with us within the social networks and platforms, e.g. by writing posts on our online presences or sending us messages.

Integration of Third-Party Services and Content

We use, within our online offering and on the basis of our legitimate interests (i.e. interest in the analysis, optimisation, and economical operation of our online offering within the meaning of Article 6(1)(f) GDPR), content or service offerings by third-party providers in order to integrate their content and services, such as videos or fonts (hereinafter collectively referred to as “content”).

This always requires that the third-party providers of such content perceive the users’ IP address, since they would not be able to send the content to the users’ browser without the IP address. The IP address is thus required for the display of this content. We endeavour to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Through the “pixel tags”, information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, and other data on the use of our online offering, as well as being linked with such information from other sources.

YouTube

We integrate videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated

Google Fonts

We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated

Google reCAPTCHA

We integrate the function for the detection of bots, e.g. when entering data in online forms (“reCAPTCHA”), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated

Google Maps

We integrate the maps of the “Google Maps” service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data processed may include, in particular, IP addresses and location data of users, which, however, are not collected without their consent (usually as part of the settings of their mobile devices). Data may be processed in the USA.
Privacy policy: https://www.google.com/policies/privacy/
Opt-out: https://adssettings.google.com/authenticated

Instagram

Within our online offering, functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA, may be integrated. This may include content such as images, videos, or texts and buttons with which users can share content of this online offering within Instagram. If users are members of the Instagram platform, Instagram can assign the access to the above-mentioned content and functions to the profiles of the users there.
Instagram privacy policy: http://instagram.com/about/legal/privacy/

Created with the privacy generator by RA Dr. Thomas Schwenke.

Smartsupp – Live Chat

This website uses the Smartsupp live chat plugin.
Provider: Smartsupp, Milady Horakove 13, 602 00 Brno, Czech Republic.

Smartsupp uses technology to enable direct contact with employees of the company. For this purpose, data such as visited page content, user data, or browser information are exchanged with the employee via Smartsupp. This data is displayed anonymously in Smartsupp. During this process, “session cookies” are used, which do not contain any personal data. These cookies are deleted after the visit to the website. The data is transmitted in encrypted form to servers which are generally located in the EU.

In accordance with Article 6(1)(a) and (f) GDPR, the function of storing data can be used voluntarily in order to receive direct individual advice. The website operator also has an interest in analysing user behaviour in order to optimise the web offering and the displayed advertising.

To prevent data collection, it is sufficient not to use the chat. It is also possible to block the chat via browser add-ons.

Data processing already takes place upon visiting the site.
You can find more information, transparently presented, at:
https://www.smartsupp.com/de/privacy.

Sendinblue

Management of Contacts and Sending of Messages

This type of service enables the management of a database of email contacts, phone numbers, or any other contact information in order to communicate with the user. The services may also collect data on what date and at what time a message was read by the user, as well as when the user interacts with incoming messages, for example by clicking on links contained therein.

SendinBlue Email (SendinBlue SAS)
SendinBlue is a service provided by SendinBlue SAS for managing email addresses and sending messages.

Personal data collected: cookie; email address; usage data.

Place of processing: France
Privacy policy: https://de.sendinblue.com/legal/privacypolicy/

Management of User Databases

This type of service allows the provider to create user profiles using information such as the user’s email address, name, or other information provided to this application, as well as to track user activities through analytics functionalities. This personal data may also be matched with publicly available information about the user (such as profiles in social media) and used to build a personal profile that the provider can view and use to improve this application.

Some of these services may also envisage the sending of timed messages to the user, such as emails linked to certain actions performed in this application.

SendinBlue Marketing Automation (SendinBlue SAS)
SendinBlue is a user database management service provided by SendinBlue SAS.

Personal data collected: cookie; email address; usage data.

Place of processing: France
Privacy policy: https://de.sendinblue.com/legal/privacypolicy/

Conclusion of a Data Processing Agreement
We have concluded a data processing agreement with SendinBlue, in which we oblige SendinBlue to protect the data of our customers and not to pass it on to third parties.

Address Validation (Endereco)

On our website, we offer you the possibility to check certain entries in address forms of our webshop in real time for input errors. This is intended to avoid problems with the delivery of the products you have ordered resulting from incorrect information.

In addition, we want to ensure that your contact details are valid for sending information about your order or for any necessary queries.

For the provision of these functions, we use the service provider Endereco, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany. The service provider processes the data exclusively in accordance with our instructions. The legal basis for the transfer, processing, and temporary storage of the data by the service provider is Article 6(1)(b) GDPR, as it is strictly necessary for the performance of the contract or the implementation of pre-contractual measures that certain data entered by you in the input form is checked for correctness.

The following data is processed by the service provider:

Address (country, city, postal code, street, and, where applicable, house number)
Email address (if activated; otherwise to be removed)
Telephone number (if activated; otherwise to be removed)

The data is processed separately by the service provider and is not merged. The requests are deleted by the service provider as soon as the status of the data entered has been determined and storage in the webshop has been completed, but at the latest after 30 days.

Free expert advice

No minimum order value!

Free shipping from €100 for parcels within Germany

15 years of experience in the cosmetics, hairdressing and medical sectors!

Free expert advice via phone, WhatsApp, email or cha

No minimum order value! Order easily and simply!

Free shipping for orders over €100 within Germany!

15 years of experience in the cosmetics, hairdressing and medical sectors!