Privacy Policy

Responsible for the processing of data is:

Medicos Kosmetik GmbH & Co. KG
Hafengrenzweg 3
D-48155 Münster
Germany
datenschutz/at/dermasence/dot/de

Thank you for visiting our website. Protection of your privacy is very important to us.Below you will find extensive information about how we handle your data.
 

1. Access data and hosting

You may visit our website without revealing any personal information. With every visit on the website, the web server stores automatically only a so-called server log file which contains e.g. the name of the requested file, your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. These access data are analysed exclusively for the purpose of ensuring the smooth operation of the website and improving our online appearance. This serves according to Art. 6 (1) 1 lit. f GDPR the protection of our legitimate interests in the proper presentation of our online appearance that are overriding in the process of balancing of interests.

 Hosting

The services for hosting and displaying the website are partly provided by our service providers on the basis of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

2. Data processing for the purposes of establishing contact and customer communication

2.1 User account

We collect personal data that you voluntarily submit to us when you contact us (e.g. via contact form or by email) or open a user account with us. Mandatory fields are marked as such because we absolutely need those data to process your contact request or open your user account, and you would otherwise not be able to create your user account or send the contact request. It is evident in each input form what data are collected.

We use the data that you disclose to us to process your enquiries according to Art. 6

(1) (b) GDPR. Upon deletion of your customer account, any further processing of your data will be restricted, and your data will be deleted upon expiry of the retention period applicable under relevant regulations, unless you expressly consent to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by law, of which we inform you in this notice. Your user account can be deleted at any time. For this purpose you can either send a message to the contact option specified below or use the relevant function available in the user account.

2.2 Establishing contact

We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such because in these cases we necessarily need the data to process your contact and you cannot send the contact without providing it. Which data is collected can be seen from the respective input forms. We use the data you provide to process your enquiries in accordance with Art. 6 (1) (b) GDPR.

After complete processing of your enquiry, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 (1) (c) GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) (a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy policy.

3. Marketing via e-mail, mail, telephone

3.1 Email newsletter with subscription, newsletter tracking with separate consent

If you subscribe to our newsletter, we will regularly send you our email newsletter based on your consent according to Art. 6 (1) (a) GDPR, using the data required or disclosed by you separately for this purpose.

You can unsubscribe from the newsletter at any time. This can either be done by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address from the list of recipients, unless you have expressly consented to the further use of your data or we have reserved the right to use your data for other purposes that are permitted by law and about which we inform you in this privacy policy.

If you have additionally given us your consent in accordance with Art. 6 (1) 1 a GDPR to analyse our newsletter, we will also analyse your interaction with our newsletter by measuring, storing and evaluating opening rates and click-through rates for the purpose of designing future newsletter campaigns ("newsletter tracking").

For this evaluation, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following "newsletter data" in particular

  • the page from which the page was requested (so-called referrer URL),
  • the date and time of the request,
  • the description of the type of web browser used,
  • the IP address of the requesting computer,
  • the e-mail address,
  • the date and time of registration and confirmation

and the single-pixel technologies with your e-mail address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.

Unsubscribing from newsletter tracking is possible at any time and can be done either by sending a message to the contact option described or via a link provided for this purpose in the newsletter.

The information is stored for as long as you are subscribed to the newsletter.

3.2 Newsletter mailing

The newsletter and the newsletter tracking shown above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

3.3 Postal advertising and your right to opt out

Furthermore, we reserve the right to use your first and last name and your postal address for our advertising purposes, e.g. for sending interesting offers and information about our products by post. This serves to safeguard our legitimate interests in promoting and advertising our products to customers according to Art. 6 (1) (f) GDPR that are overriding in the process of balancing of interests. You can opt out of the storage and use of your data for these purposes at any time by sending a message to the contact option specified below.

The advertisements are sent to you by our service provider who processes data on our behalf and to whom we disclose your data for this purpose.

3.4 Phone advertising

If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we will use the data required for this purpose or provided separately by you for our own advertising purposes, e.g. to inform you about interesting offers and our products. You can withdraw your consent at any time, either by sending a message to the contact option described in this privacy policy or by verbal notification within each call. After withdrawal, we will delete your telephone number unless you have expressly consented to the further use of your data or we have reserved the right to use your data for other purposes that are permitted by law and about which we inform you in this privacy policy.

4. Information on third country transfer (data transfer to third countries)

We use technology from service providers on our website whose server locations may be in third countries outside the EU or EEA. This also includes the USA. If, as in the case of the USA, there is no adequacy decision by the EU Commission, an adequate level of data protection must be ensured by means of other suitable guarantees. The ECJ ruled in July 2020 that the Privacy Shield agreement between the EU and the US can no longer be used to transfer personal data to the US. This means that the sectoral adequacy decision has thus been repealed.

Suitable guarantees in the form of contractually agreed standard contractual clauses of the EU Commission or binding internal data protection rules (Binding Corporate Rules) are possible in principle, but require a prior review by the contracting parties as to whether an adequate level of protection can be guaranteed. According to the ECJ ruling, it may be necessary to take additional protective measures for this purpose.

In principle, we have agreed the standard data protection clauses issued by the EU Commission and still valid with the third-party technologies we use that process personal data in a third country such as the USA. Where possible, we also agree on additional safeguards to ensure that sufficient data protection is guaranteed in the USA or other third countries.

Notwithstanding this, it may happen that, despite all contractual and technical measures, the level of data protection in the third country does not correspond to that in the EU. For these cases, we might ask you, in the context of the cookie consent, for your consent in accordance with Art. 49 (1) (a) GDPR to the transfer of your personal data to a third country. This refers in particular to the transfer of data to the USA.

In particular, there is a risk that US authorities may not have sufficiently limited access rights to your personal data from an EU perspective without us as the data exporter or you as the data subject being aware of this and you may not have any legal remedies to prevent this or to take action against such access.

5. Cookies and further technologies

 General information

In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser during your next visit (persistent cookies).

 Protection of privacy for terminal devices

When you use our online services, we use technologies that are absolutely necessary in order to provide the telemedia service you have expressly requested. The storage of information in your terminal device or access to information that is already stored in your terminal device does not require consent in this respect.

For functions that are not absolutely necessary, the storage of information in your terminal device or access to information that is already stored in your terminal device requires your consent. Please note that if you do not give your consent, parts of the website may not be available for unrestricted use. Any consent you may have given will remain valid until you adjust or reset the respective settings in your terminal device.

Any downstream data processing through cookies and other technologies

In addition, we use technologies to fulfil the legal obligations, which we are subject to (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

You can find the cookies settings for your browser by clicking on the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of the technologies in accordance with Art. 6 (1) (a) GDPR, you can withdraw your consent at any time by sending a message to the contact option described in the privacy policy or

How can I configure the cookie settings of my browser?

Each browser is different in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these for each browser under the following links:

Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

What types of cookies are being used?

Targeting cookies: These cookies record information about your visit to the website, previously viewed pages and links you clicked. We use this information to tailor our website and displayed ads to your interests.

Marketing Cookies: These cookies record information about your visit to the website, previously viewed pages and links you clicked. We use this information to tailor our website and displayed ads to your interests.

Essential cookies: These cookies are necessary to enable you to use our website. This includes e.g. cookies that enable you to log into the customer area or add items to your shopping cart.

Analytical / performance cookies: These cookies enable collecting anonymised data about user behaviour on our website. We analyse them e.g. to improve the functionality of our website and recommend you products that will be interesting to you.

Functional cookies: These cookies are used for certain features of our website, e.g. to improve the website’s navigation, or deliver to you customised and relevant information (e.g. ads that match your interests).

 

Use of consent management platform

We use OneTrust, a consent management platform (hereinafter "OneTrust") from OneTrust Technology Limited, 82 St John St Farringdon London EC1M 4JN, United Kingdom, on our website. We use OneTrust to request consent for the processing of your terminal information and personal data using cookies or other technologies. OneTrust provides you with the opportunity to consent to the processing of the above information for the purposes listed. Processing purposes may include, for example, the integration of external elements, statistical analysis, reach measurement, individualized product recommendations and individualized advertising.

When using OneTrust, personal data as well as end device information is processed by us. In the process, your data is also sent to the service provider OneTrust Technology Limited. The information about the settings you have made will also be stored in your terminal device. Your settings and personal data will be deleted after 12 months, unless you delete the information about your user settings in your browser yourself beforehand.

The legal basis for the processing is Art. 6 (para. 1 p. 1 lit. c) DSGVO, insofar as the processing serves to fulfill the legal obligations to provide evidence for the granting of consent. Otherwise, Section 25 (2) TTDSG is the relevant legal basis.

We have concluded an order processing agreement with OneTrust Technology Limited, by which we oblige the service provider to protect your data and not to disclose it to third parties.

You can view the privacy policy of OneTrust Technology Limited here: https://www.onetrust.com/privacy/

If you have consented to the use of the technologies in accordance with Art. 6 (1) (a) GDPR, you can withdraw your consent at any time by sending a message to the contact option described in the privacy policy or by clicking

Revoke consent to load third-party content:

 

6. Use of cookies and other technologies for web analytics and advertising purposes

If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we use the following cookies and other third-party technologies on our website. The data collected in this context will be deleted after the relevant purpose has been fulfilled and we have ended the use of the respective technology. You can withdraw your consent at any time with effect for the future. Further information on your withdrawal options can be found in the section "cookies and further technologies". Further information including the legal basis for data processing can be found within the respective technologies. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

 

6.1 Use of Google services

We use the following technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there.

Unless otherwise specified for the specific technologies, data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

 

 Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address will be stored on a server located in the EU to derive location data and then deleted immediately before the traffic is forwarded to further Google servers for processing. The data processing is carried out on the basis of an order processing agreement by Google.

For web analytics purposes, the extension function of Google Analytics Google Signals enables so-called "cross-device tracking". If your internet-enabled devices are linked to your Google Account and you have activated the "personalised advertising" setting in your Google Account, Google can generate reports on your usage behaviour (in particular cross-device user numbers), even if you change your device. We do not process personal data in this respect; we only receive statistics based on Google Signals.

For web analytics and advertising purposes, the extension function of Google Analytics enables the so-called DoubleClick cookie to recognize your browser when visiting other websites. Google will use this information to compile reports about your website activities and to provide other services related to the use of the website.

 Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account.
 

 Google Ads

For advertising purposes in the Google search results as well as on the websites of third parties, the so-called Google Remarketing Cookie is used when you visit our website, which automatically enables interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information as well as information on your use of our website), by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing only takes place if you have activated the setting "personalised advertising" in your Google account. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.

For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent usage behavior when you arrive on our website via a Google Ads ad. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as a visit to a website or newsletter registration) may be collected, from which usage profiles are created using pseudonyms.

 Google Maps

For the visual representation of geographical information, Google Maps collects data on your use of the Maps functions, in particular the IP address and location data, and transmits this data to Google and then processes it by Google. We have no influence on this subsequent data processing.
 

 Google reCAPTCHA

For the purpose of protection against misuse of our web forms as well as against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information as well as information on your use of our website) and performs an analysis of your use of our website by means of a so-called JavaScript and cookies. In addition, other cookies stored in your browser by Google services are evaluated. Personal data is not read out or stored from the input fields of the respective form.

Google Tag Manager

By means of the Google Tag Manager, we can manage various codes and services on our website. When implementing the individual tags, Google may also process personal data (e.g. IP address, online identifiers (including cookies)). The data processing is carried out on the basis of an order processing agreement by Google.

By using the Google Tag Manager, a simplified integration of various services/technologies can be achieved.

If you do not wish to use individual tracking services and have therefore deactivated them, the deactivation remains in place for all affected tracking tags that are integrated by the Google Tag Manager.

 YouTube Video Plugin

In order to integrate third party content, data (IP address, time of visit, device and browser information) are collected via the YouTube Video Plugin in the expanded data protection mode used by us, transmitted to Google and then processed by Google only when you play a video.

6.2 Use of Microsoft services

We use the technologies of Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (hereafter "Microsoft"). The data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR. The information automatically collected by Microsoft technologies about your use of our website is usually transferred to a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and stored there. For more information about Microsoft's data processing practices, please see Microsoft's privacy policy.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

 Microsoft Advertising

For advertising purposes in the Bing, Yahoo and MSN search results as well as on the websites of third parties, the so-called Microsoft Advertising Remarketing Cookie is used when you visit our website, which automatically enables interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information as well as information on your use of our website) and by means of a pseudonymous cookie ID and based on the pages you visit.

For website analytics and event tracking purposes, we use Microsoft Advertising Universal Event Tracking (UET) to measure your subsequent usage behavior when you arrive on our website via a Microsoft Advertising ad, from which usage profiles are generated using pseudonyms. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as a visit to a website or newsletter registration) may be collected, from which user profiles are created using pseudonyms. As long as your Internet-enabled devices are linked to your Microsoft account and you have not disabled the "Interest-based Advertising" setting in your Microsoft account, Microsoft can generate reports on usage behavior (especially cross- device user numbers), even if you change your device, so-called "cross-device tracking". In this respect, we do not process personal data, we only receive statistics based on Microsoft UET.

Microsoft Forms

We use the "Microsoft Forms" tool to conduct anonymous surveys and polls.

Please note that this data protection information only covers the processing of your personal data by us in the context of the use of Microsoft Forms. Information on the processing of your data by Microsoft can be found in the corresponding Microsoft statement under the following links:

Microsoft Service Agreement

Security and data protection in Microsoft Forms  

When using Microsoft Forms, various types of data are processed, depending on the information you provide when participating in surveys or polls. This includes:

  • User name, display name, e-mail address
  • Preferred language
  • Date and time of opening the questionnaire
  • Date and time of sending the response

The information you provide in surveys is survey-specific. You yourself decide which personal data you enter in response fields.

Our interest at Medicos Kosmetik GmbH & Co. KG is to collect information to improve service, offers and products and to increase customer satisfaction and employee satisfaction. Participation in surveys and polls is always voluntary.

6.3 Use of Facebook services

Facebook Custom Audiences / Meta Pixel

We use the "Facebook Custom Audiences" service on our website. For this service, "meta pixels" are used on our website.

Both services are operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland and enable us to target you with interest-based advertising on the Facebook social network.

In order to display personalised interest-based advertisements (Facebook Ads) on Facebook, we use the "Facebook Custom Audiences" service in conjunction with the "meta pixel". When you visit our website, the "meta pixel" establishes a direct connection to the Facebook servers and transmits information about the pages you visit. This information is matched with your Facebook user account, and the next time you visit Facebook, you will receive personalised advertisements accordingly (we do not use the "advanced matching" function and it is therefore deactivated).

In addition, the "Facebook Custom Audiences" service is used to personalise and optimise our website.

With the help of "Facebook Custom Audiences" / "Meta Pixel", the following data is collected and processed:

- Viewed content

- Views and interactions with content and ads and services

- User agent

- Browser information

- Browser type

- Cookie ID

- Device information

- Marketing campaign success

- Facebook User ID

- Facebook cookie information

- Geographic location

- Device operating system

- Hardware/software type

- Information from third party sources

- IP address

- Non-sensitive custom data

- Usage data/user behaviour

- Pixel ID

- Pixel specific data

- Referrer URL

- Social media friend network

- Transaction information

- Conversions

The legal basis for the processing of your data is your consent pursuant to Art. 6 (1) a) DSGVO. You can revoke your consent at any time by clicking on the corresponding button in section 5. Cookies.

If you have a Facebook account, you can also deactivate the "Custom Audiences" remarketing function in the Ad Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

Facebook or Meta Platforms also processes data from you in the USA. Meta is an active participant in the EU-US Privacy Framework and uses standard contractual clauses to ensure the correct and secure transfer of data from EU citizens to the USA. In addition, through the EU-US Privacy Framework, Facebook commits to comply with the European level of data protection.

More detailed information on Facebook's privacy policy and standard contractual clauses can be found here https://www.facebook.com/legal/terms/dataprocessing.

Personal data is kept for as long as it is necessary to fulfil the purpose of the processing. The data will be deleted as soon as they are no longer necessary to achieve the purpose.

6.4 Other providers of web analytics – and online-marketing-services

 Use of Matomo as a software solution for web analytics

For the purpose of web analytics, the software Matomo of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymised user profiles will not be merged with personal data about the bearer of the pseudonym without explicit consent of the user, which must be given separately. The data processing by Matomo takes place on our servers.

 Use of Vimeo video plugin for integration of third-party content

For the purpose of integrating third-party content, data (IP address, time of visit, device and browser information) is collected via the video plugin by Vimeo Inc., 330 West 34th Street, 5th Floor, New York 10011, USA (hereafter "Vimeo"), transmitted to, and then processed by Vimeo. The data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Google Analytics is automatically integrated into the Vimeo video plugin. For the purpose of web analytics, Google Analytics automatically collects and stores data (IP

address, time of visit, device and browser information, as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies can be used for this purpose. Google Analytics is an offer from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. If you visit our website from the EU, your IP address will be stored on a server located in the EU to derive location data and then deleted immediately before the traffic is forwarded to further Google servers for processing. We have no influence and access to the data processing by Vimeo, including the settings and results of Google Analytics.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

7. VWO

For the purpose of analysing and evaluating the use of our website, we use the VWO service from Wingify. Wingify Software Pvt. Ltd. is a company based in India (KLJ TOWER, 1104, North, Netaji Subhash Place, Pitam Pura, Delhi, 110034). VWO also processes the data in the USA, among other places. We would like to point out that there is no adequate level of protection for the transfer of data to third countries. This could entail various risks for the lawfulness and security of the data processing. The basis for data processing is the so-called standard contractual clauses.

With VWO, we control tests (so-called A/B tests, split tests and multivariant tests) to track the effects of adjustments to the user interface. In addition, we use the modules Heatmaps and Session Recordings. We use VWO's technology to better understand the needs of our users and to optimise the offer and the user experience on our website.

In this context, we process the following data, among others:

- the mouse movement history data

- the buttons clicked

- the extent of scrolling

- the IP address of the device used

- the screen size of the device used

- device type (unique device identifiers) and browser details

- Geographical location (country)

- the preferred language in which our website is displayed

- The date and time of your visit to the website

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a DSGVO (consent). You can revoke your consent at any time by clicking on the corresponding button under section 5. Cookies.

Alternatively, you can prevent the collection of your data by VWO altogether by deactivating the tool via VWO's opt-out page: https://vwo.com/opt-out/. You can view the privacy policy of Wingify Software Pvt. Ltd. here: https://vwo.com/privacy-policy/.

 

8. Contentbird

On our website we use "contentbird convert", a service of the Berlin, Germany, to create interactive content formats. When using this function, personal data may be collected, including date and time of visit, user behaviour, contact details, user responses, referrer URL, web request and IP address (anonymised). This data is used to measure the performance of the format and campaign, as well as for contact data collection and participant surveys. Both we and contentbird GmbH receive and process this data. The contenbird GmbH processes the data as part of an order processing in accordance with the DSGVO. The service provider is strictly bound by instructions to us and is contractually obligated accordingly. The service does not transfer any data to third countries.

In addition, the service stores information on your end device by setting an entry in the local storage of the browser. This entry is set when you interact with the interactive graphic in order to store information about which hotspots have already been used so that they are highlighted accordingly when you visit the site again. The duration of this entry is unlimited. If you consent to the processing of your data, this will be done exclusively on the basis of Art. 6 para. 1 lit. a) DSGVO and § 25 para. 1 TTDSG, insofar as the consent to the storage of cookies or access to information in the terminal device of the user within the meaning of the TTDSG. You can revoke your consent at any time by clicking on the corresponding button under 5. cookies.

For further information on contenbird Convert and the privacy policy of contentbird GmbH, please see the following links: https://en.contentbird.io/ and https://en.contentbird.io/datenschutz.

 

9. LoyJoy Chat

In order to improve our offer, we use the chatbot of our service provider LoyJoy GmbH, Kapuzinerstr. 20, 48149 Münster, Germany.

The following data, to which the service provider does not have access, is processed by the chatbot:

  • Date and time of the call
  • Browser type and version
  • IP address
  • Operating system used
  • URL of the current and previously visited website
  • Chat history, such as messages posted, replies selected

This data is aggregated and used anonymously for statistical evaluations in order to measure success and, if advertising consent has been given, to enable optimisation of message dissemination.

The legal basis for the processing is your consent pursuant to Section 6 (1) a) DSGVO and our legitimate interest pursuant to Section 6 (1) f) DSGVO.

LoyJoy uses the services of "Cloudflare" (provider: Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA).

Cloudflare operates a content distribution network (CDN) and provides security functions for the LoyJoy web application (web application firewall). The data transfer between the browser and the LoyJoy servers passes through Cloudflare's infrastructure and is analysed to prevent attacks. Cloudflare is used in the interest of secure use of LoyJoy and defence against malicious attacks from outside. This constitutes a legitimate interest in the sense of Section 6 (1) lit. f DSGVO. Further information can be found in Cloudflare's privacy policy: https://www.cloudflare.com/privacypolicy/.
 

10. Promotions (e.g. product tects)

 Purpose/Information

If you participate in our "DERMASENCE Product Check" product test or other campaigns, your personal data will be used to implement the respective campaign. You will receive detailed information in the respective conditions of participation valid for the campaign.

The provision of personal data is necessary for the conclusion of a contract. You are not obliged to provide your personal data, however, if you do not provide it, the respective promotion cannot be carried out.

Further information can be found in the respective conditions of participation.

 Recipients

The collected data is passed on for processing to internal departments and, if necessary, to external service providers or order processors (e.g. shipping service providers) for the respective necessary purposes.

 Deletion

After final processing of the respective promotion, your personal data will be deleted (see respective conditions of participation), unless this is required by legal retention periods or statute of limitations.
 

11. Social Media

Our online presence on Facebook (by Meta), Twitter, Youtube,
Instagram (by Meta), Pinterest, Xing, LinkedIn

If you have given your consent to the respective social media provider in accordance with Art. 6 (1) (a) GDPR, when you visit our online presence on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media provider, as well as a contact option and your rights and settings options for the protection of your privacy, please refer to the provider's privacy policies linked below. Should you still require assistance in this regard, please contact us.

 

Facebook (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (hereafter "Meta Platforms Ireland ") The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Data processing in the context of a visit to a Facebook (by Meta) fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.

Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

There is a decision of the European Commission on an adequate level of data protection for the USA as the basis for a third country transfer, insofar as the respective service provider is certified.

Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.There is no adequacy decision for these countries by the European Commission. Our cooperation with them is based on these safeguards: Standard data protection clauses of the European Commission.

Twitteris provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). The information automatically collected by Twitter about your use of our online presence on Twitter is generally transmitted to and stored on a server at Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

Instagram (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (hereafter "Meta Platforms Ireland ") The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is typically transferred to and stored on a server at Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in the context of a visit to an Instagram (by Meta) fan page is based on an agreement between joint controllers in accordance with art. 26 DSGVO. Further information (information on Insights data) can be found here.

Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina: There is a decision of the European Commission on an adequate level of data protection for the USA as the basis for a third country transfer, insofar as the respective service provider is certified. Certification is available.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico: There is no adequacy decision for these countries by the European Commission. Our cooperation with them is based on these safeguards: Standard data protection clauses of the European Commission.

YouTubeis provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereafter "Google"). The information automatically collected by Google about your use of our online presence on YouTube is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

Pinterestis provided by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereafter "Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transferred to and stored on a server of Pinterest, Inc, 505 Brannan St, San Francisco, CA 94107, USA.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

LinkedInis provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information LinkedIn automatically collects about your use of our online presence on LinkedIn is generally sent to a server at LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there.

Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA.

There is a decision of the European Commission on an adequate level of data protection for the USA as the basis for a third country transfer, insofar as the respective service provider is certified. Until certification by our service providers, the data transfer continues to be based on this basis: standard data protection clauses of the European Commission.

Xingis provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

 

TikTok Business Profile

We use the technical services and infrastructure (platform) of "TikTok Technology Limited", based at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter referred to as "TikTok"), to create and maintain our TikTok business profile or our TikTok page. This is used for product advertising, the implementation of campaigns and communication with our customers and interested parties.

For this purpose, we offer various functions for interaction and making contact. You have the option of reacting to our videos, leaving comments, liking and sharing them. You can also contact us via the direct message function. Please note that, depending on your account settings on the TikTok platform, all personal information from your account may be publicly visible to third parties when you interact with our site, a flow of information over which we have no control.

TikTok automatically collects information about you when you use the app or are logged in and processes it on its servers worldwide. This information is necessary to enable functions such as direct messages or interaction on our site. As part of the processing, TikTok uses subcontractors such as Facebook and Google. It is possible that your personal data may be transferred, in particular to China, the USA or another third country for which there is no adequacy decision by the EU Commission.

The list of personal data collected includes, but is not limited to
- IP address
- Date and time of the server request
- Time zone difference
- Content of the request (specific browser or app function)
- Access status
- Amount of data transferred
- Browser or app
- Device type
- Operating system used and its interface (e.g. Android or iOS)
- Language and version of the operating system and device identifiers

We have no influence on the processing by TikTok and the storage duration of your personal data that is published as part of our campaigns or on our TikTok page. TikTok is solely responsible for this. Information on what data TikTok collects about you and how it is processed can be found at the following link: Link to TikTok's privacy policy
Our TikTok presence aims to bring company information to the right target groups in a targeted manner. The use of social media is widespread in the EU and in 2019, 54% of people aged 16 to 74 were actively involved in social networks. This participation rate is rising continuously. It should be noted that the increasing concentration in social media markets and the targeting of users may also increase the risks to the rights and freedoms of a significant number of people. For example, certain social media providers may be able to combine a larger amount and variety of personal data on their own or in cooperation with other companies.
We process your personal data on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in responding to your enquiries and interacting with you in the context of social media marketing, which is made possible by your active contact and clicks on our content.

If you contact us directly via the direct message function, for example to ask questions about our products, we process your TikTok user name and other data in order to be able to fulfil your communication requests.

In the course of our campaigns, we may regularly publish public content such as stories, videos or posts, provided they are directly addressed to us or mention our product range. We process content as part of this correspondence in order to be able to respond to it and maintain our presence on the platform. In addition, we may contact individual TikTok users to assist them with product fulfilment or to respond to low ratings in order to improve our products.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to maintain and constantly improve public communication with our profile visitors (customers, interested parties, etc.) and thus proactively demonstrate our presence on the relevant market.

We delete the personal data of TikTok users concerned in connection with the processing in accordance with Art. 17 para. 1 lit. a GDPR as soon as it is no longer required for the purposes of the processing or the objective has been achieved. Alternatively, we restrict the processing of your data to compliance with mandatory statutory retention obligations, insofar as such an obligation exists in accordance with Art. 17 para. 3 lit. b. You have the option of deleting content that you have published on our TikTok profile yourself at any time.

You can object to the processing in accordance with Art. 21 GDPR. You have the right to object on grounds relating to your particular situation.

12. Contact options and your rights

12.1 Your rights

Being the data subject, you have the following rights according to:

  • art. 15 GDPR, the right to obtain information about your personal data which we
    process, within the scope described therein;
  • art. 16 GDPR, the right to immediately demand rectification of incorrect or completion of your personal data stored by us;
  • art. 17 GDPR, the right to request erasure of your personal data stored with us, unless further processing is required
    • to exercise the right of freedom of expression and information;
    • for compliance with a legal obligation;
    • for reasons of public interest or
    • for establishing, exercising or defending legal claims;
  • art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as
    • the accuracy of the data is contested by you;
    • the processing is unlawful, but you refuse their erasure;
    • we no longer need the data, but you need it to establish, exercise or defend legal claims, or
    • you have lodged an objection to the processing in accordance with art. 21GDPR;
    • Lei si oppone al trattamento ai sensi dell’art. 21 dell'RGPD;
  • art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request ist transmission to another controller;
  • art. 77 GDPR, the right to complain to a supervisory authority . As a rule, you can contact the supervisory authority at your habitual place of residence or workplace or at our company headquarters.
     

Right to object

If we process personal data as described above to protect our legitimate interests that are overriding in the process of balancing of interests, you may object to such data processing with future effect. If your data are processed for direct marketing purposes, you may exercise this right at any time as described above. If your data are processed for other purposes, you have the right to object only on grounds relating to your particular situation.

After you have exercised your right to object, we will no longer process your personal data for such purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

This does not apply to the processing of personal data for direct marketing purposes. In such a case we will no longer process your personal data for such purposes.

 

12.2 Contact options:

If you have any questions about how we collect, process or use your personal data, want to enquire about, correct, restrict or delete your data, or withdraw any consents you have given, or opt-out of any particular data use, please contact us directly using the contact data provided in our supplier identification.
 

Data protection Officer:

Herr Said-Elham Sadat / DSB Münster GmbH
Martin-Luther-King-Weg 42 – 44
48155 Münster
Germany

If you have any questions about how we collect, process or use your personal data, want to enquire about, correct, restrict or delete your data, or withdraw any consents you have given, or opt-out of any particular data use, please contact us directly using the contact data provided in our supplier identification.

Datenschutzerklärung erstellt mit dem Trusted Shops Rechtstexter

InstagramFacebookYouTubePinterestXINGLinkedIn