The use of our website is usually possible without providing personal data. Insofar as personal data (e.g. name, address or e-mail addresses) is collected on our pages, this is always done on a voluntary basis as far as possible. This data will not be passed on to third parties without your explicit consent.
We would like to point out that data transmission over the Internet (e.g. communication by e-mail) can be subject to security vulnerabilities. The complete protection of data against access by third parties is impossible.
1. Definitions of terms
a) Personal data
Personal data within the meaning of Art. 4 of the EU Basic Data Protection Regulation (GDPR) is all information relating to an identified or identifiable natural person, e.g. Name, address, e-mail addresses etc.
b) Data subject
Data subject means any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any operation or set of operations which is performed with or without the aid of automated processes and which is related to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or integration, limitation, erasure or destruction.
d) Controller or data controller
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by European Union law or by the laws of the Member States, the controller or the specific criteria for his nomination may be laid down by European Union law or by the laws of the Member States.
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in a particular case, in the form of a statement or other unequivocal affirmative act, indicating that he or she consents to the processing of his or her personal data.
2. Name and address of the controller
The person responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
P&M Cosmetics GmbH & Co. KG
3. Data protection officer’s contact details
Herr Christoph Berdelmann
DSB Münster GmbH
Martin-Luther-King-Weg 42 - 44
Tel.: 0251-718 79-110
4. Storage of access data in server log files
You can visit our website without giving any personal information. We only store access data in so-called server log files, such as the name of the requested file, the date and time of access, the volume of data transferred and the requesting provider. This data is used solely to ensure the trouble-free operation of the site and to improve our offers, and cannot be traced back to you.
6. Registration on our website
The data subject shall have the possibility of registering on the controller’s website by providing personal data. The personal data transmitted to the data controller is determined by the respective input screen used for registration. The personal data entered by the data subject shall be collected and stored solely for internal use by the controller and for its own purposes. The controller may arrange for the data to be disclosed to one or more processors, such as a parcel service provider, who will also use the personal data solely for internal purposes attributable to the controller.
By registering on the controller’s website, the IP address assigned to the data subject by the Internet service provider (ISP), the date and time of registration are also stored. The context of this data storage is such that it is only in this way that misuse of our services can be prevented, whereby, if necessary, this data will serve to clarify committed offences. In this respect, it is necessary to store this data to protect the controller. This data will not be passed on to third parties unless there is a legal obligation to do so or unless the data is used for criminal prosecution.
The registration of the data subject by voluntarily providing personal data is intended to enable the controller to provide the data subject with content or services which, by their nature, can only be provided to registered users. Registered persons are free to modify the personal data given at registration at any time or to delete it completely from the database of the data controller.
The controller shall, at any time upon request, provide information to each data subject as to which personal data about the data subject is stored. Furthermore, the data controller shall correct or delete personal data at the request or notice of the data subject, provided that there is no legal obligation to retain the data in question. All of the controller’s staff shall be available to the data subject as contact persons in this context.
7. Contact form
If you use our contact form to send us an inquiry, the details you enter on the form, including the contact details entered, will be stored by us for the purpose of dealing with your inquiry and in case of any follow-up questions. We will not share this data without your permission.
8. Product reviews
Users have the opportunity to submit reviews of the products. It is our legitimate interest for users to share their opinions about products.
Your review will be published with your given username in the post. Entering a name is optional - it is not a mandatory field. We recommend that you use a pseudonym instead of your real name when giving a name. The reviews will be checked before publication. We reserve the right to delete comments if they are objected to by third parties as unlawful.
9. Routine deletion and blocking of personal data
The controller shall process and store the personal data of the data subject only for the period of time necessary to achieve the storage purpose or where provided for by the EU regulatory authority or another legislator of laws or regulations to which the controller is subject.
If the storage purpose no longer applies or if a storage period prescribed by the EU regulatory authority or another competent legislator expires, the personal data shall be blocked or deleted routinely and in accordance with the statutory provisions.
10. Newsletter data
If you would like to receive our newsletter, we require a valid email address as well as information which allows us to verify that you are the owner of the email address provided and that you agree to receive this newsletter. All mandatory information in the newsletter registration form are marked with * and all other information is optional. We use this data exclusively for the delivery of the requested information and do not pass it on to third parties.
You can revoke your consent to the storage of data, the e-mail address and its use for sending the newsletter at any time, for example via the unsubscribe function in the newsletter.
11. Rights of the data subject
- a) Right of confirmation
Every data subject shall have the right, granted by the EU regulatory authority, to obtain from the controller confirmation as to whether personal data relating to him or her is being processed. If a data subject wishes to exercise this right of confirmation, they can contact the controller’s staff at any time.
- b) Right to information
Any person affected by the processing of personal data shall at any time have the right, granted by the EU regulatory authority, to obtain from the controller information free of charge concerning the personal data stored about him and a copy of that information. In addition, the EU regulatory authority has provided the data subject with the following information:
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
- if possible, the envisaged duration for which the personal data will be stored or, if this is not possible, the criteria for determining such duration
- the existence of a right of rectification or erasure of personal data relating to him or her or of a restriction on the processing by the controller or of a right to object to such processing
- the existence of a right of appeal to a supervisory authority
- where the personal data is not collected from the data subject: All available information about the origin of the data
- the existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended impact of such processing on the data subject
Furthermore, the data subject has a right to information as to whether personal data has been transmitted to a third country or to an international organisation. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees in connection with the transfer.
If a data subject wishes to avail himself of this right to information, he may, at any time, contact the controller’s staff.
- c) Right to rectification
Any person affected by the processing of personal data has the right granted by the EU regulatory authority to demand the immediate correction of inaccurate personal data concerning him. Furthermore, the data subject shall have the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by means of a supplementary statement.
If a data subject wishes to exercise this right of rectification, he may at any time contact the controller’s staff for this purpose.
- d) Right to deletion (right to be forgotten)
Any person affected by the processing of personal data has the right granted by the EU regulatory authority to demand that the data controller delete the personal data concerning him immediately, if one of the following reasons applies and if the processing is not necessary:
- The personal data has been collected or otherwise processed for purposes for which they are no longer necessary.
- The data subject withdraws his consent on which the processing was based pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
- The data subject objects to the processing under Article 21(1) GDPR and there are no overriding legitimate reasons for the processing or the data subject objects to the processing under Article 21(2) GDPR.
- The personal data have been unlawfully processed.
- The deletion of the personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the controller is subject.
- The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.
If one of the above reasons applies and a data subject wants personal data stored at P&M Cosmetics GmbH & Co. KG to be deleted, he can contact the data controller’s staff at any time. The employee of P&M Cosmetics GmbH & Co. KG will arrange for the request for deletion to be complied with immediately.
If the personal data has been made public by P&M Cosmetics GmbH & Co. KG and if our company is obliged to delete the personal data in accordance with Art. 17 para. 1 GDPR, P&M Cosmetics GmbH & Co. KG, taking into account the available technology and implementation costs, shall take appropriate measures, including technical measures, to inform other persons responsible for data processing who process the published personal data that the data subject has requested the deletion of all links to this personal data or copies or replications of this personal data by these other persons responsible for data processing, insofar as processing is not necessary. The employee of P&M Cosmetics GmbH & Co KG will take the necessary steps in individual cases.
- e) Right to limitation of processing
Any person affected by the processing of personal data has the right granted by the EU Regulator to demand that the data controller restrict processing if one of the following conditions is met:
- The accuracy of the personal data is disputed by the data subject for a period of time which enables the data controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject refuses the deletion of the personal data and instead requests the restriction of the use of the personal data.
- The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the assertion, exercise or defence of legal claims.
- The data subject has lodged an objection against the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject.
If one of the above conditions is met and a data subject wishes to request the limitation of personal data stored at P&M Cosmetics GmbH & Co. KG, he or she can contact the data controller’s staff at any time. An employee of P&M Cosmetics GmbH & Co KG will arrange for the processing to be restricted.
- f) Right to data transfer
Every person affected by the processing of personal data has the right granted by the EU Regulator to receive the personal data that concerns him, which has been provided to a data controller by the data subject, in a structured, common and machine-readable format. It also has the right to communicate this data to another controller without being hindered by the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract pursuant to Art. 6 (1)(b) GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising his right to data transferability pursuant to Art. 20 (1) GDPR, the data subject shall have the right to assurance that the personal data be transferred directly from one date controller to another data controller, insofar as this is technically feasible and insofar as this does not impair the rights and freedoms of other persons.
In order to assert the right to data transferability, the data subject may at any time contact an employee of P&M Cosmetics GmbH & Co. KG.
- g) Right of objection
Any person affected by the processing of personal data has the right granted by the EU Regulator to object at any time to the processing of personal data concerning him for reasons arising from his particular situation, which takes place on the basis of Art. 6 (1)(e) or (f) GDPR. This also applies to profiling based on these provisions.
P&M Cosmetics GmbH & Co. KG will no longer process the personal data in the event of an objection, unless we can prove compelling reasons for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing serves the assertion, exercise or defence of legal claims.
If P&M Cosmetics GmbH & Co. KG processes personal data for the purpose of direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If the data subject objects to the processing of personal data by P&M Cosmetics GmbH & Co. KG for the purposes of direct marketing, P&M Cosmetics GmbH & Co. KG will no longer process the personal data for these purposes.
In addition, the data subject has the right, for reasons arising from his/her particular situation, to object to the processing of personal data concerning him/her by P&M Cosmetics GmbH & Co. KG for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task in the public interest.
To exercise the right to object, the data subject may directly contact any employee of P&M Cosmetics GmbH & Co. KG or another employee. The data subject shall also be free to exercise his right of objection in relation to the use of information company services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
- h) Automated decisions in individual cases, including profiling
Any data subject to the processing of personal data shall have the right, granted by the EU Regulator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects upon him/her or significantly affects him/her in a similar manner, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller, or (2) is authorised by EU or national law or by the Member States to which the data controller is subject and which provides for adequate measures to safeguard the rights and freedoms and the legitimate interests of the data subject, or (3) is taken with the express consent of the data subject.
If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is taken with the express consent of the data subject, P&M Cosmetics GmbH & Co. KG shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, which includes at least the right to obtain the intervention of a person on the part of the data controller, to state his or her point of view and to challenge the decision.
If the data subject wishes to assert rights with regard to automated decisions, he/she may at any time contact the data controller's staff for this purpose.
- i) Right to revoke consent under data protection law
Any person affected by the processing of personal data has the right granted by the EU Regulator to revoke consent to the processing of personal data at any time.
If the data subject wishes to exercise his/her right to revoke his/her consent, he/she may at any time contact the data controller's staff.
If you choose to participate in any of our competitions, you must provide certain personal information. In accordance with the principle of data economy and data avoidance, we only collect the personal data required for this purpose and use it exclusively for the purpose of conducting the competition.
13. Use of Google Analytics for web analysis
14. Pharmacy Finder and Google Maps
With our pharmacy finder you can find a pharmacy with DERMASENCE products in your area. When you call up the page https://www.dermasence.de/apothekenfinder you will be asked if we can collect your location data. If you agree, it will be collected by Google Maps and you will be shown the pharmacy closest to your location. You can also enter the postal code, street or city in the input field. Then you will be shown the nearest pharmacy. When you visit this website, Google is notified that you have accessed the corresponding sub-page of our website. In addition, according to our knowledge, the following information is transmitted to Google: Date and time of visit to the website in question, Internet address or URL of the website accessed and the access device’s IP address. This happens regardless of whether Google provides a user account through which you are logged in or if no user account exists. If you are logged into Google, your data is directly assigned to your account. If you do not wish to be associated with your profile when using Google, you must first log out before clicking the button. Google stores your data as usage profiles and uses it for the purposes of advertising, market research and/or requirements-oriented design of its website. Such an assessment takes place in particular (even for users who are not logged in) for the purpose of providing appropriate advertising. You have the right to object to the creation of these user profiles. You must contact Google to exercise this right.
The data controller has integrated YouTube components on this website. YouTube is an Internet video portal that allows video publishers to post video clips and other users to view, rate and comment on them free of charge. YouTube allows the publication of all types of videos, which is why complete film and television programmes as well as music videos, trailers or videos made by users themselves can be accessed via the Internet portal.
YouTube's operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Each time a YouTube component (YouTube video) that has been integrated into one of the individual pages of this Internet site, which is operated by the data controller, the Internet browser on the data subject’s IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google obtain information about which specific subpage of our website is visited by the data subject.
If the data subject is logged in to YouTube at the same time, YouTube recognises which specific subpage of our website the data subject is visiting by calling up a subpage containing a YouTube video. This information will be collected by YouTube and Google and associated with the affected person's YouTube account.
YouTube and Google will always receive information through the YouTube component that the data subject has visited our website if the data subject is simultaneously logged into YouTube at the time of access to our website; this happens regardless of whether the person clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is not intended by the data subject, that person may prevent the transmission by logging out of his/her YouTube account before accessing our website.
The data protection regulations published by YouTube, which can be accessed at www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube.