Privacy Policy

Responsible for the processing of data is:

Medicos Kosmetik GmbH & Co. KG
Hafengrenzweg 3
48155 Münster
Germany
datenschutz/at/dermasence/dot/de

Thank you for visiting our website. Protection of your privacy is very important to us. Below you will find extensive information about how we handle your data.
 

1. Access data and hosting

You may visit our website without revealing any personal information. With every visit to the website, the web server automatically stores only a so-called server log file, which contains e.g. the name of the requested file, your IP address, the date and time of the request, the volume of data transferred and the requesting provider (access data), and documents the request. These access data are analysed exclusively for the purpose of ensuring the smooth operation of the website and improving our online appearance. In accordance with Art. 6 (1) 1 lit. f GDPR, this serves to protect our legitimate interests in the proper presentation of our online appearance, which are overriding in the process of balancing of interests.

 Hosting

The services for hosting and displaying the website are partly provided by our service providers on the basis of processing on our behalf. Unless otherwise stated in this privacy policy, all access data and all data collected in forms provided for this purpose on this website are processed on their servers. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

2. Data processing for the purposes of establishing contact and customer communication

2.1 User account

We collect personal data that you voluntarily submit to us when you contact us (e.g. via contact form or by email) or open a user account with us. Mandatory fields are marked as such because we absolutely need those data to process your contact request or open your user account, and you would otherwise not be able to create your user account or send the contact request. It is evident in each input form what data are collected.
We use the data that you disclose to us to process your enquiries according to Art. 6 (1) (b) GDPR. Upon deletion of your customer account, any further processing of your data will be restricted, and your data will be deleted upon expiry of the retention period applicable under relevant regulations, unless you expressly consent to the further use of your data or we reserve the right to further use your personal data in the scope and manner permitted by law, of which we inform you in this notice. Your user account can be deleted at any time. For this purpose you can either send a message to the contact option specified below or use the relevant function available in the user account.

2.2 Establishing contact

We collect personal data if you voluntarily provide it when contacting us (e.g. via contact form or e-mail). Mandatory fields are marked as such because in these cases we necessarily need the data to process your contact and you cannot send the contact without providing it. Which data is collected can be seen from the respective input forms. We use the data you provide to process your enquiries in accordance with Art. 6 (1) (b) GDPR.

After complete processing of your enquiry, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law in accordance with Art. 6 (1) (c) GDPR, unless you have expressly consented to further use of your data in accordance with Art. 6 (1) (a) GDPR or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this privacy policy.

3. Marketing via e-mail, mail, telephone

3.1 Email newsletter with subscription, newsletter tracking with separate consent

If you subscribe to our newsletter, we will regularly send you our email newsletter based on your consent according to Art. 6 (1) (a) GDPR, using the data required or disclosed by you separately for this purpose.

You can unsubscribe from the newsletter at any time. This can either be done by sending a message to the contact option described in this privacy policy or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your e-mail address from the list of recipients, unless you have expressly consented to the further use of your data or we have reserved the right to use your data for other purposes that are permitted by law and about which we inform you in this privacy policy.

If you have additionally given us your consent in accordance with Art. 6 (1) 1 a GDPR to analyse our newsletter, we will also analyse your interaction with our newsletter by measuring, storing and evaluating opening rates and click-through rates for the purpose of designing future newsletter campaigns ("newsletter tracking").

For this evaluation, the emails sent contain single-pixel technologies (e.g. so-called web beacons, tracking pixels) that are stored on our website. For the evaluations, we link the following "newsletter data" in particular

  • the page from which the page was requested (so-called referrer URL),
  • the date and time of the request,
  • the description of the type of web browser used,
  • the IP address of the requesting computer,
  • the e-mail address,
  • the date and time of registration and confirmation

and the single-pixel technologies with your e-mail address or your IP address and, if applicable, an individual ID. Links contained in the newsletter may also contain this ID.

Unsubscribing from newsletter tracking is possible at any time and can be done either by sending a message to the contact option described or via a link provided for this purpose in the newsletter.

The information is stored for as long as you are subscribed to the newsletter.

3.2 Newsletter mailing

The newsletter and the newsletter tracking shown above may also be sent by our service providers as part of processing on our behalf. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

3.3 Sending newsletters to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we would like to contact you regularly by e-mail with offers for similar products or services from our range. In accordance with Section 7 (3) UWG, we are permitted to do this without your separate consent. Your data is processed exclusively on the basis of our legitimate interest in personalised direct advertising in accordance with Art. 6 para. 1 lit. f) GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will of course respect this and no e-mails will be sent. You have the option to object to the use of your email address for advertising purposes at any time, with effect for the future. You can do this simply by sending an e-mail to the aforementioned controller at datenschutz/at/dermasence/dot/de. The transmission costs incurred are limited to the basic tariffs. Once we have received your objection, we will immediately stop using your e-mail address for advertising purposes.

3.4 Postal advertising and your right to opt out

Furthermore, we reserve the right to use your first and last name and your postal address for our advertising purposes, e.g. for sending interesting offers and information about our products by post. This serves to safeguard our legitimate interests in promoting and advertising our products to customers according to Art. 6 (1) (f) GDPR that are overriding in the process of balancing of interests. You can opt out of the storage and use of your data for these purposes at any time by sending a message to the contact option specified below.

The advertisements are sent to you by our service provider who processes data on our behalf and to whom we disclose your data for this purpose.

3.4 Phone advertising

If you have given your consent in accordance with Art. 6 (1) (a) GDPR, we will use the data required for this purpose or provided separately by you for our own advertising purposes, e.g. to inform you about interesting offers and our products. You can withdraw your consent at any time, either by sending a message to the contact option described in this privacy policy or by verbal notification within each call. After withdrawal, we will delete your telephone number unless you have expressly consented to the further use of your data or we have reserved the right to use your data for other purposes that are permitted by law and about which we inform you in this privacy policy.

4. Information on third country transfer (data transfer to third countries)

We use technology from service providers on our website whose server locations may be in third countries outside the EU or EEA. This also includes the USA. If, as in the case of the USA, there is no adequacy decision by the EU Commission, an adequate level of data protection must be ensured by means of other suitable guarantees. The ECJ ruled in July 2020 that the Privacy Shield agreement between the EU and the US can no longer be used to transfer personal data to the US. This means that the sectoral adequacy decision has been repealed.

Suitable guarantees in the form of contractually agreed standard contractual clauses of the EU Commission or binding internal data protection rules (Binding Corporate Rules) are possible in principle, but require a prior review by the contracting parties as to whether an adequate level of protection can be guaranteed. According to the ECJ ruling, it may be necessary to take additional protective measures for this purpose.

In principle, we have agreed the standard data protection clauses issued by the EU Commission and still valid with the third-party technologies we use that process personal data in a third country such as the USA. Where possible, we also agree on additional safeguards to ensure that sufficient data protection is guaranteed in the USA or other third countries.

Notwithstanding this, it may happen that, despite all contractual and technical measures, the level of data protection in the third country does not correspond to that in the EU. For these cases, we might ask you, in the context of the cookie consent, for your consent in accordance with Art. 49 (1) (a) GDPR to the transfer of your personal data to a third country. This refers in particular to the transfer of data to the USA.

In particular, there is a risk that US authorities may not have sufficiently limited access rights to your personal data from an EU perspective without us as the data exporter or you as the data subject being aware of this and you may not have any legal remedies to prevent this or to take action against such access.

5. Cookies and further technologies

 General information

In order to make visiting our website attractive and to enable the use of certain functions, to display suitable products or for market research, we use technologies on various pages, including so-called cookies. Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us to recognise your browser during your next visit (persistent cookies).

 Protection of privacy for terminal devices

When you use our online services, we use technologies that are absolutely necessary in order to provide the telemedia service you have expressly requested. The storage of information in your terminal device or access to information that is already stored in your terminal device does not require consent in this respect.

For functions that are not absolutely necessary, the storage of information in your terminal device or access to information that is already stored in your terminal device requires your consent. Please note that if you do not give your consent, parts of the website may not be available for unrestricted use. Any consent you may have given will remain valid until you adjust or reset the respective settings in your terminal device.

Any downstream data processing through cookies and other technologies

In addition, we use technologies to fulfil the legal obligations, which we are subject to (e.g. to be able to prove consent to the processing of your personal data) as well as for web analysis and online marketing. Further information on this, including the respective legal basis for data processing, can be found in the following sections of this privacy policy.

You can find the cookies settings for your browser by clicking on the following links: Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

If you have consented to the use of the technologies in accordance with Art. 6 (1) (a) GDPR, you can withdraw your consent at any time by sending a message to the contact option described in the privacy policy or

How can I configure the cookie settings of my browser?

Each browser is different in the way it manages cookie settings. This is described in the help menu of each browser, which explains how to change your cookie settings. You can find these for each browser under the following links:
Microsoft Edge™ / Safari™ / Chrome™ / Firefox™ / Opera™

What types of cookies are being used?

Targeting cookies: These cookies record information about your visit to the website, previously viewed pages and links you clicked. We use this information to tailor our website and displayed ads to your interests.

Marketing Cookies: These cookies record information about your visit to the website, previously viewed pages and links you clicked. We use this information to tailor our website and displayed ads to your interests.

Essential cookies: These cookies are necessary to enable you to use our website. This includes e.g. cookies that enable you to log into the customer area or add items to your shopping cart.

Analytical / performance cookies: These cookies enable collecting anonymised data about user behaviour on our website. We analyse them e.g. to improve the functionality of our website and recommend you products that will be interesting to you.

Functional cookies: These cookies are used for certain features of our website, e.g. to improve the website’s navigation, or deliver to you customised and relevant information (e.g. ads that match your interests).

Cookie consent with CCM19 Cookie Consent Management

Our website uses the cookie consent management tool ‘CCM19’ to obtain your consent for necessary cookies and cookie-based applications and to document them in accordance with the GDPR. The provider of this technology is Papoo Software & Media GmbH - Dr Carsten Euwens, Auguststr. 4, 53229 Bonn, Germany (hereinafter referred to as CCM19).

When you visit our website, a banner appears that allows you to give your consent for certain cookies and cookie-based applications. As long as no consent is given, the cookie consent tool blocks the placement of necessary cookies. The tool collects certain user information when visiting our website, including the IP address, in order to assign page views to individual users and to log the consent settings made and save them during the session. This data is not forwarded to CCM19.

The data collected will be stored until you ask us to delete it. CCM19 will then delete the data manually or as soon as the purpose for storing the data no longer applies. Statutory retention periods remain unaffected by this.

The use of CCM19 cookie consent technology serves to obtain the legally required consents for the use of necessary cookies and cookie-based applications. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR.

We have concluded an order processing contract with CCM19, which obliges the service provider to protect your data and not to pass it on to third parties.

You can find more information here: https://www.ccm19.de/cookie-banner.html

If you have consented to the use of the technologies in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, you can revoke your consent at any time by notifying us via the contact option provided in the privacy policy.

 


 

6. Use of cookies and other technologies 

We use the following cookies and other third-party technologies on our website. Unless otherwise specified for the individual technologies, this is done on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. The data collected in this context will be deleted after the relevant purpose has been fulfilled and we have ended the use of the respective technology. You can withdraw your consent at any time with effect for the future. Further information on your withdrawal options can be found in the section "cookies and further technologies". Further information, including the basis of our cooperation with the service providers can be found within the respective technologies. If you have any questions about our service providers and the basis of our cooperation with them, please use the contact option described in this privacy policy.

6.1 Use of Google services

We use the following technologies of Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google technologies about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. Unless otherwise specified for the specific technologies, data processing is based on an agreement concluded for the respective technology between jointly responsible parties in accordance with Art. 26 GDPR. Further information about data processing by Google can be found in Google's privacy policy.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

 Google Analytics

For the purpose of website analysis, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies may be used for this purpose. If you visit our website from the EU, your IP address will be stored on a server located in the EU to derive location data and then deleted immediately before the traffic is forwarded to further Google servers for processing. The data processing is carried out on the basis of an order processing agreement by Google.

For web analytics purposes, the extension function of Google Analytics Google Signals enables so-called "cross-device tracking". If your internet-enabled devices are linked to your Google Account and you have activated the "personalised advertising" setting in your Google Account, Google can generate reports on your usage behaviour (in particular cross-device user numbers), even if you change your device. We do not process personal data in this respect; we only receive statistics based on Google Signals.

For web analytics and advertising purposes, the extension function of Google Analytics enables the so-called DoubleClick cookie to recognize your browser when visiting other websites. Google will use this information to compile reports about your website activities and to provide other services related to the use of the website.

 Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be generated that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account.
 

 Google Ads

For advertising purposes in the Google search results as well as on the websites of third parties, the so-called Google Remarketing Cookie is used when you visit our website, which automatically enables interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information as well as information on your use of our website), by means of a pseudonymous cookie ID and on the basis of the pages you visit. Any further data processing only takes place if you have activated the setting "personalised advertising" in your Google account. In this case, if you are logged into Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing.

For website analysis and event tracking, we use Google Ads Conversion Tracking to measure your subsequent usage behavior when you arrive on our website via a Google Ads ad. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as a visit to a website or newsletter registration) may be collected, from which usage profiles are created using pseudonyms.

 Google Maps

For the visual representation of geographical information, Google Maps collects data on your use of the Maps functions, in particular the IP address and location data, and transmits this data to Google, where it is then processed by Google. We have no influence on this subsequent data processing.

 Google reCAPTCHA

For the purpose of protection against misuse of our web forms as well as against spam by automated software (so-called bots), Google reCAPTCHA collects data (IP address, time of visit, browser information as well as information on your use of our website) and performs an analysis of your use of our website by means of JavaScript and cookies. In addition, other cookies stored in your browser by Google services are evaluated. Personal data is not read out or stored from the input fields of the respective form.

Google Tag Manager

By means of the Google Tag Manager, we can manage various codes and services on our website. When implementing the individual tags, Google may also process personal data (e.g. IP address, online identifiers (including cookies)). The data processing is carried out on the basis of an order processing agreement by Google.

By using the Google Tag Manager, a simplified integration of various services/technologies can be achieved.

If you do not wish to use individual tracking services and have therefore deactivated them, the deactivation remains in place for all affected tracking tags that are integrated by the Google Tag Manager.

 YouTube Video Plugin

In order to integrate third party content, data (IP address, time of visit, device and browser information) are collected via the YouTube Video Plugin in the expanded data protection mode used by us, transmitted to Google and then processed by Google only when you play a video.

6.2 Use of Microsoft services

We use the technologies of Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (hereafter "Microsoft"). The data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR. The information automatically collected by Microsoft technologies about your use of our website is usually transferred to a server of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA and stored there. For more information about Microsoft's data processing practices, please see Microsoft's privacy policy.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

 Microsoft Advertising

For advertising purposes in the Bing, Yahoo and MSN search results as well as on the websites of third parties, the so-called Microsoft Advertising Remarketing Cookie is used when you visit our website, which automatically enables interest-based advertising through the collection and processing of data (IP address, time of visit, device and browser information as well as information on your use of our website) and by means of a pseudonymous cookie ID and based on the pages you visit.

For website analytics and event tracking purposes, we use Microsoft Advertising Universal Event Tracking (UET) to measure your subsequent usage behavior when you arrive on our website via a Microsoft Advertising ad, from which usage profiles are generated using pseudonyms. For this purpose, cookies may be used and data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as a visit to a website or newsletter registration) may be collected, from which user profiles are created using pseudonyms. As long as your Internet-enabled devices are linked to your Microsoft account and you have not disabled the "Interest-based Advertising" setting in your Microsoft account, Microsoft can generate reports on usage behavior (especially cross-device user numbers), even if you change your device, so-called "cross-device tracking". In this respect, we do not process personal data, we only receive statistics based on Microsoft UET.

Microsoft Forms

We use the "Microsoft Forms" tool to conduct anonymous surveys and polls.

Please note that this data protection information only covers the processing of your personal data by us in the context of the use of Microsoft Forms. Information on the processing of your data by Microsoft can be found in the corresponding Microsoft statement under the following links:

Microsoft Service Agreement

Security and data protection in Microsoft Forms  

When using Microsoft Forms, various types of data are processed, depending on the information you provide when participating in surveys or polls. This includes:

  • User name, display name, e-mail address
  • Preferred language
  • Date and time of opening the questionnaire
  • Date and time of sending the response

The information you provide in surveys is survey-specific. You yourself decide which personal data you enter in response fields.

Our interest at Medicos Kosmetik GmbH & Co. KG is to collect information to improve service, offers and products and to increase customer satisfaction and employee satisfaction. Participation in surveys and polls is always voluntary.

6.3 Use of Facebook services

Use of Facebook Pixel 

We use the Facebook pixel within the framework of the technologies of Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (hereafter "Facebook (by Meta)" or "Meta Platforms Ireland") as described below. The Facebook pixel is used to automatically collect and store data (IP address, time of visit, device and browser information as well as information on your use of our website based on events specified by us, such as a visit to a website or newsletter registration), from which user profiles are created using pseudonyms. As part of the so-called advanced matching, information with which individuals can be identified (e.g. names, e-mail addresses and telephone numbers) is also collected and stored in hashed form for matching purposes. For this purpose, a cookie is automatically set by the Facebook pixel when you visit our website, which automatically enables recognition of your browser when visiting other websites by means of a pseudonymous cookie ID. Facebook (by Meta) will combine this information with other data from your Facebook account and use it to compile reports on website activities and to provide other services associated with website use, in particular personalised and group-based advertising. We have no influence on data processing by Facebook and only receive statistics based on Facebook pixels.


The information automatically collected by Facebook (by Meta) technologies about your use of our website is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Further information about data processing by Facebook can be found in Facebook's (by Meta) privacy policy. Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina. The adequacy decision for the USA applies as the basis for third country transfers, provided that the respective service provider is certified. Certification is available. Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico. There is no European Commission adequacy decision for this country/these countries. Our cooperation is based on these guarantees: Standard data protection clauses of the European Commission.

Facebook Analytics

As part of Facebook Analytics, the statistics created via Facebook pixels enable us to analyse visitor activity on our website. This serves the optimal presentation and marketing of our website.

Facebook Ads (Ad manager)

We use Facebook Ads to promote this website on Facebook (by Meta) and other platforms. We determine the parameters of the respective advertising campaign. Facebook (by Meta) is responsible for the exact implementation, in particular the decision on the placement of the ads with individual users.

Based on the statistics about visitor activity on our website created via Facebook pixels, we operate group-based advertising on Facebook (by Meta) via Facebook Custom Audience by determining the characteristics of the respective target group. As part of the advanced matching (see above) that takes place to determine the respective target group, Facebook (by Meta) acts as our data processor.

The following data is collected and processed with the help of ‘Facebook Custom Audiences’ / ‘Meta-Pixel’:

- Viewed content
- Views and interactions with content and adverts and services
- User agent
- Browser information
- Browser type
- Cookie ID
- Device information
- Success of marketing campaigns
- Facebook user ID
- Facebook cookie information
- Geographic location
- Device operating system
- Hardware/software type
- Information from third-party sources
- IP address
- Non-sensitive user-defined data
- Usage data/user behaviour
- Pixel ID
- Pixel-specific data
- Referrer URL
- Social media friend network
- Transaction information
- Conversions

The legal basis for the processing of your data is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time by clicking on the corresponding button in section 5 Cookies.

If you have a Facebook account, you can also deactivate the ‘Custom Audiences’ remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.

Facebook and Meta Platforms also process your data in the USA. Meta is an active participant in the EU-US Privacy Framework and uses standard contractual clauses to ensure the correct and secure transfer of data from EU citizens to the USA. Facebook also undertakes to comply with the European level of data protection through the EU-US Privacy Framework.

You can find more detailed information on Facebook's data protection conditions and standard contractual clauses here https://www.facebook.com/legal/terms/dataprocessing.

The personal data is stored for as long as it is required to fulfil the purpose of processing. The data is deleted as soon as it is no longer required to fulfil the purpose.

On the basis of the pseudonym cookie ID used by the Facebook pixel and the collected data about your usage behavior on our website, we operate personalized advertising via Facebook Pixel Remarketing.

Via Facebook Pixel Conversions we measure your subsequent usage behavior for web analytics and event tracking purposes if you have reached our website via a Facebook Ads ad.

6.4 Other providers of web analytics and online marketing services

 Use of Matomo as a software solution for web analytics

For the purpose of web analytics, the software Matomo of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand automatically collects and stores data (IP address, time of visit, device and browser information as well as information on your use of our website), from which user profiles are created using pseudonyms. Cookies may be used for this purpose. The pseudonymised user profiles will not be merged with personal data about the bearer of the pseudonym without explicit consent of the user, which must be given separately. The data processing by Matomo takes place on our servers.

Use of Hotjar for web analytics

For the purpose of web analytics, technologies of Hotjar Ltd, Dragonara Business Centre 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta (hereinafter "Hotjar") are used to automatically collect and store data (IP address, time of visit, device and browser information as well as information on your use of our website), from which user profiles are created using pseudonyms.

Hotjar is a tool for analysing your user behaviour on our website. Hotjar enables us to record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you remain with the mouse pointer in a certain position. Hotjar uses this information to create so-called heat maps, which can be used to determine which website areas are favoured by website visitors.

We can also determine how long you stayed on a page and when you left it. We can also determine at which point you cancelled your entries in a contact form (so-called conversion funnels).

Hotjar can also be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They are used to make our website more user-friendly, effective and secure. In particular, these cookies can be used to determine whether our website has been visited with a specific end device or whether the Hotjar functions have been deactivated for the browser in question. Hotjar cookies remain on your device until you delete them.

The use of Hotjar and the storage of Hotjar cookies is based on Art. 6 para. 1 lit. a GDPR.

Deactivating Hotjar

If you wish to deactivate data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/opt-out

Please note that Hotjar must be deactivated separately for each browser or end device.

For more information about Hotjar and the data collected, please refer to Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy

Contract for order processing

We have concluded an order processing contract with Hotjar in order to implement the strict European data protection regulations.

Use of VWO to carry out website tests

For the purpose of analysing and evaluating the use of our website, we use the VWO service from Wingify. Wingify Software Pvt. Ltd. is a company based in India (KLJ TOWER, 1104, North, Netaji Subhash Place, Pitam Pura, Delhi, 110034). VWO also processes the data in the USA, among other places. We would like to point out that there is no adequate level of protection for the transfer of data to third countries. This could entail various risks for the lawfulness and security of data processing. The so-called standard contractual clauses form the basis for data processing.

We use VWO to control tests (so-called A/B tests, split tests and multi-variant tests) in order to understand the effects of adjustments to the user interface. We also use the Heatmaps and Session Recordings modules. We use VWO's technology to better understand the needs of our users and to optimise the offering and user experience on our website.

In this context, we process the following data, among others:

- the history data of mouse movements

- the buttons clicked

- the extent of scrolling

- the IP address of the device used

- the screen size of the device used

- Device type (unique device identifiers) and browser details

- Geographical location (country)

- the preferred language in which our website is displayed

- Date and time of the visit to the website

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a GDPR (consent). You can revoke your consent at any time by clicking on the corresponding button under section 5 Cookies.

Deactivating VWO

Alternatively, you can prevent the collection of your data by VWO altogether by deactivating the tool via VWO's opt-out page: https://vwo.com/opt-out/.

You can view the privacy policy of Wingify Software Pvt. Ltd. here: https://vwo.com/privacy-policy/.

Use of contentbird to create interactive content formats

On our website, we use ‘contentbird convert’, a service provided by contentbird GmbH based in Berlin, Germany, to create interactive content formats. When using this function, personal data may be collected, including the date and time of the visit, user behaviour, contact details, user responses, referrer URL, web request and IP address (anonymised). This data is used to measure the performance of the format and the campaign as well as for contact data collection and participant surveys. Both we and contentbird GmbH receive and process this data. contentbird GmbH processes the data as part of order processing in accordance with the GDPR. The service provider is strictly bound by our instructions and contractually obliged accordingly. The service does not transfer any data to third countries.

In addition, the service stores information on your end device by making an entry in the browser's local storage. This entry is set when you interact with the interactive graphic in order to store information about which hotspots have already been used so that they can be highlighted accordingly when you visit again. The duration of this entry is unlimited. If you consent to the processing of your data, this is done exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TTDSG. You can revoke your consent at any time by clicking on the corresponding button under section 5 Cookies.

Further information on contentbird convert and the privacy policy of contentbird GmbH can be found at the following links: https://de.contentbird.io/ and https://de.contentbird.io/datenschutz.

Use of LoyJoy to improve our online offer

To improve our offer, we use the chatbot of our service provider LoyJoy GmbH, Kapuzinerstr. 20, 48149 Münster.

If no consent is given, no personal data is collected by the chatbot and forwarded to us. The chatbot only records anonymised, general usage figures, such as the number of product retrievals. The skin characteristics you enter are only stored temporarily in the browser and processed by the LoyJoy servers, but without being saved, in order to enable the assigned products to be displayed.

If you consent to transmission to Google Analytics, the IP address, time of the visit and device and browser information will be recorded. Furthermore, when you click on a product link, information is transmitted to Google Analytics about which link was clicked on and when.

This processing is based on your consent in accordance with Art. 6 (1) a) GDPR. You have the option to withdraw your consent at any time.

Further information on the use of Google Analytics can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de

LoyJoy uses services from ‘Cloudflare’ (provider: Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA). Cloudflare operates a content delivery network (CDN) and provides protection functions for the LoyJoy web application (web application firewall). The data transfer between the browser and the LoyJoy servers flows via the Cloudflare infrastructure and is analysed there in order to ward off attacks. The use of Cloudflare is in the interest of secure use of LoyJoy and defence against harmful attacks from outside.

This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Further information can be found in the Cloudflare privacy policy: https://www.cloudflare.com/de-de/privacypolicy/.

Use of Vimeo video plugin for integration of third-party content

For the purpose of integrating third-party content, data (IP address, time of visit, device and browser information) is collected via the video plugin by Vimeo Inc., 330 West 34th Street, 5th Floor, New York 10011, USA (hereafter "Vimeo"), transmitted to, and then processed by Vimeo. The data processing is carried out on the basis of an agreement between jointly responsible parties in accordance with Art. 26 GDPR. Google Analytics is automatically integrated into the Vimeo video plugin. For the purpose of web analytics, Google Analytics automatically collects and stores data (IP address, time of visit, device and browser information, as well as information on your use of our website), from which usage profiles are created using pseudonyms. Cookies can be used for this purpose. Google Analytics is an offer from Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The information automatically collected by Google about your use of our website is usually transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there. If you visit our website from the EU, your IP address will be stored on a server located in the EU to derive location data and then deleted immediately before the traffic is forwarded to further Google servers for processing. We have no influence and access to the data processing by Vimeo, including the settings and results of Google Analytics.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

7. Promotions (e.g. product tests)

 Purpose/Information

If you participate in our "DERMASENCE Product Check" product test or other campaigns, your personal data will be used to implement the respective campaign. You will receive detailed information in the respective conditions of participation valid for the campaign.

The provision of personal data is necessary for the conclusion of a contract. You are not obliged to provide your personal data, however, if you do not provide it, the respective promotion cannot be carried out.

Further information can be found in the respective conditions of participation.

 Recipients

The collected data is passed on for processing to internal departments and, if necessary, to external service providers or order processors (e.g. shipping service providers) for the respective necessary purposes.

 Deletion

After final processing of the respective promotion, your personal data will be deleted (see respective conditions of participation), unless this is required by legal retention periods or statute of limitations.
 

8. Social Media

Our online presence on Facebook (by Meta), Twitter, Youtube, Instagram (by Meta), Pinterest, Xing, LinkedIn

If you have given your consent to the respective social media provider in accordance with Art. 6 (1) (a) GDPR, when you visit our online presence on the social media mentioned above, your data will be automatically collected and stored for market research and advertising purposes, from which user profiles are created using pseudonyms. These can be used, for example, to place advertisements within and outside the platforms that presumably correspond to your interests. Cookies are usually used for this purpose. For detailed information on the processing and use of data by the respective social media provider, as well as a contact option and your rights and settings options for the protection of your privacy, please refer to the provider's privacy policies linked below. Should you still require assistance in this regard, please contact us.

Facebook (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (hereafter "Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Facebook (by Meta) is usually transferred to a server of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA and stored there. Data processing in the context of a visit to a Facebook (by Meta) fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.

Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA applies as the basis for third country transfers, provided that the respective service provider is certified.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico.
There is no adequacy decision for these countries by the European Commission. Our cooperation with them is based on these safeguards:  Standard data protection clauses of the European Commission.

Twitter is provided by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"). The information automatically collected by Twitter about your use of our online presence on Twitter is generally transmitted to and stored on a server at Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. There is no adequacy decision for the United States by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

Instagram (by Meta) is provided by Meta Platforms Ireland Ltd., Block J, Serpentine Avenue, Dublin 4, Ireland (hereafter "Meta Platforms Ireland"). The information automatically collected by Meta Platforms Ireland about your use of our online presence on Instagram is typically transferred to and stored on a server at Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA. Data processing in the context of a visit to an Instagram (by Meta) fan page is based on an agreement between joint controllers in accordance with Art. 26 GDPR. Further information (information on Insights data) can be found here.

Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA, Canada, Japan, South Korea, New Zealand, United Kingdom, Argentina.

The adequacy decision for the USA applies as the basis for third country transfers, provided that the respective service provider is certified. Certification is available.

Our service providers are located and/or use servers in these countries: Australia, Hong Kong, India, Indonesia, Malaysia, Singapore, Thailand, Taiwan, Brazil, Mexico:
There is no adequacy decision for these countries by the European Commission. Our cooperation with them is based on these safeguards:  Standard data protection clauses of the European Commission.

YouTube is provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (hereafter "Google"). The information automatically collected by Google about your use of our online presence on YouTube is generally transferred to a server of Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA and stored there.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

Pinterest is provided by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland (hereafter "Pinterest"). The information automatically collected by Pinterest about your use of our online presence on Pinterest is usually transferred to and stored on a server of Pinterest, Inc, 505 Brannan St, San Francisco, CA 94107, USA.

Our service providers are located and/or use servers in countries outside the EU and the EEA for which the European Commission has established by decision an adequate level of data protection.

Our service providers are located and/or use servers in countries outside the EU and the EEA. For these countries there is no adequacy decision by the European Commission. Our cooperation is based on standard data protection clauses adopted by the European Commission.

LinkedIn is provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland ("LinkedIn"). The information LinkedIn automatically collects about your use of our online presence on LinkedIn is generally sent to a server at LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA and stored there.

Our service providers are located and/or use servers in the following countries, for which the European Commission has established an adequate level of data protection by decision: USA.

The adequacy decision for the USA applies as the basis for third country transfers, provided that the respective service provider is certified. Until certification by our service providers, the data transfer continues to be based on this basis: standard data protection clauses of the European Commission.

Xing is provided by New Work SE, Am Strandkai 1, 20457 Hamburg, Germany.

TikTok Business Profile

We use the technical services and infrastructure (platform) of ‘TikTok Technology Limited’, based at 10 Earlsfort Terrace, Dublin, D02 T380, Ireland (hereinafter referred to as ‘TikTok’), to create and maintain our TikTok business profile and our TikTok page. This is used for product advertising, the implementation of campaigns and communication with our customers and interested parties.

For this purpose, we offer various functions for interaction and contact. You have the option of reacting to our videos, leaving comments, liking and sharing them. You can also contact us via the direct message function. Please note that, depending on your account settings on the TikTok platform, all personal information from your account may be publicly visible to third parties when you interact with our site, a flow of information over which we have no control.

TikTok automatically collects information about you when you use the app or are logged in and processes it on its servers worldwide. This information is necessary to enable functions such as direct messages or interaction on our site. As part of the processing, TikTok uses subcontractors such as Facebook and Google. It is possible that your personal data may be transferred, in particular to China, the USA or another third country for which there is no adequacy decision by the EU Commission.

The list of personal data collected includes, among other things

- IP address

- Date and time of the server request

- Time zone difference

- Content of the request (specific browser or app function)

- Access status

- Amount of data transferred

- Browser or app

- Device type

- Operating system used and its interface (e.g. Android or iOS)

- Language and version of the operating system and device identifiers

We have no influence on the processing by TikTok and the storage period of your personal data that is published as part of our campaigns or on our TikTok page. TikTok is solely responsible for this. Information on what data TikTok collects about you and how it is processed can be found at the following link: TikTok privacy policy

Our TikTok presence aims to bring company information to the right target groups in a targeted manner. Social media use is widespread in the EU and in 2019, 54% of people aged 16 to 74 were actively engaged on social networks. This participation rate is rising continuously. It should be noted that the increasing concentration in social media markets and the targeting of users can also increase the risks to the rights and freedoms of a significant number of people. For example, certain social media providers may be able to combine a larger amount and variety of personal data on their own or in cooperation with other companies.

We process your personal data on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR and our legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest lies in responding to your enquiries and interacting with you in the context of social media marketing, which is made possible by your active contact and clicks on our content.

If you contact us directly via the direct message function, for example to ask questions about our products, we process your TikTok user name and other data in order to be able to fulfil your communication requests.

In the course of our campaigns, we may regularly publish public content such as stories, videos or posts, provided they are directly addressed to us or mention our product range. We process content as part of this correspondence in order to be able to respond to it and maintain our presence on the platform. In addition, we may contact individual TikTok users to assist them with product fulfilment or to respond to low ratings in order to improve our products.

The legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in maintaining and constantly improving public communication with our profile visitors (customers, interested parties, etc.) and thus proactively demonstrating our presence on the relevant market.

We delete the personal data of TikTok users concerned in connection with the processing in accordance with Art. 17 para. 1 lit. a GDPR as soon as it is no longer required for the purposes of the processing or the objective has been achieved. Alternatively, we restrict the processing of your data to compliance with mandatory statutory retention obligations, insofar as such an obligation exists in accordance with Art. 17 para. 3 lit. b. You have the option of deleting content that you have published on our TikTok profile yourself at any time.

You can object to the processing in accordance with Art. 21 GDPR. You have the right to object on grounds relating to your particular situation.

 

9. Contact options and your rights

9.1 Your rights

Being the data subject, you have the following rights according to:

  • art. 15 GDPR, the right to obtain information about your personal data which we process, within the scope described therein;
  • art. 16 GDPR, the right to immediately demand rectification of incorrect or completion of your personal data stored by us;
  • art. 17 GDPR, the right to request erasure of your personal data stored with us, unless further processing is required
    • to exercise the right of freedom of expression and information;
    • for compliance with a legal obligation;
    • for reasons of public interest or
    • for establishing, exercising or defending legal claims;
  • art. 18 GDPR, the right to request restriction of processing of your personal data, insofar as
    • the accuracy of the data is contested by you;
    • the processing is unlawful, but you refuse their erasure;
    • we no longer need the data, but you need it to establish, exercise or defend legal claims, or
    • you have lodged an objection to the processing in accordance with art. 21 GDPR;
  • art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller;
  • art. 77 GDPR, the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority at your habitual place of residence or workplace or at our company headquarters.

Right to object
If we process personal data as described above to protect our legitimate interests that are overriding in the process of balancing of interests, you may object to such data processing with future effect. If your data are processed for direct marketing purposes, you may exercise this right at any time as described above. If your data are processed for other purposes, you have the right to object only on grounds relating to your particular situation.

After you have exercised your right to object, we will no longer process your personal data for such purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

This does not apply to the processing of personal data for direct marketing purposes. In such a case we will no longer process your personal data for such purposes.

9.2 Contact options

Data Protection Officer:
Mr Said-Elham Sadat / DSB Münster GmbH
Martin-Luther-King-Weg 42 - 44
48155 Münster
Germany
+49 (0) 251 718 79 - 110
ssadat@dsb-ms.de

If you have any questions about how we collect, process or use your personal data, want to enquire about, correct, restrict or delete your data, or withdraw any consents you have given, or opt-out of any particular data use, please contact us directly using the contact data provided in our supplier identification.

Privacy policy created with the Trusted Shops Rechtstexter

 
