VII Facebook, Custom Audiences and Facebook marketing services
Within our online offer, the so-called "Facebook pixel" of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are a resident of the EU, Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used for the analysis, optimization and economic operation of our online offer.
With the help of the Facebook pixel, it is possible for Facebook, on the one hand, to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The Facebook pixel is integrated by Facebook after your consent and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, the visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not offer us any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes as part of the pixel process, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of establishing a match with the data equally encrypted by Facebook. The legal basis for the use of Facebook Pixel is Art. 6 para. 1 lit. a DSGVO.
The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook's data usage policy: https://www.facebook.com/policy.php. Specific information and details about the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
You can also change the use of cookies by setting your browser software accordingly or in the cookie settings. To set which types of advertisements are displayed to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are done in a platform-independent manner, i.e. they are applied to all devices, such as desktop computers or mobile devices.
VIII Integration of Google Maps
(1) We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. These are integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to Google if you do not call up the maps. Only when you give your consent and call up the maps will the data mentioned in paragraph 2 be transferred. We have no influence on this data transmission.
(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under IV of this declaration will be transmitted. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. The legal basis for the use of Google Maps is Art. 6 para. 1 lit. a DSGVO.
(3) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Further information on the purpose and scope of the data collection and its processing by the provider can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
If you do not want Google to collect, process or use data about you via our website, you can deactivate this in your browser settings. In this case, however, you will not be able to use our website or only to a limited extent. You can revoke your consent to the storage of your personal data at any time with effect for the future.
IX. Use of Google Tag Manager
(1) We use the Google Tag Manager on our website.
(2) The Google Tag Manager enables us to integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or "triggers" the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it.
In particular, the following personal data is processed by the Google Tag Manager:
Online identifiers (including cookie identifiers).
IP address
(3) In addition, you can find more detailed information about the Google Tag Manager on the websites https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ as well as at https://www.google.com/intlde/policies/privacy/index.html under the section "Data we receive based on your use of our services".
(4) Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager. Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The legal basis for the use of Google Tag Manager is Art. 6 para. 1 lit. a DSGVO.
(5) If you have deactivated individual tracking services (for example by rejecting a cookie), the deactivation remains in place for all affected tracking tags that are integrated by the Google Tag Manager.
(6) By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. Furthermore, the integration of the Google Tag Manager optimises the loading times of the various services.
(7) You can also change the use of cookies by setting your browser software accordingly or in the cookie settings.
(8) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
X. Newsletter
(1) The newsletter is sent using "MailChimp", a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and presentation of the newsletters or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
The legal basis for sending the newsletter and the analysis is your consent in accordance with Art. 6 Para. 1 lit. a.) DSGVO.
Mailchimp has implemented compliance measures for international data transfers. These apply to all global activities where Mailchimp processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: Mailchimp Data Processing Addendum Preview at https://mailchimp.com/legal/privacy/.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address.
(4) You can revoke your consent to the sending of the newsletter and the analysis at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details provided in the imprint.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in II and the web beacons with your e-mail address and an individual ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this.
For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
(6) You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
XI. Skincare Diagnosis
We process your personal data as well as your health data as part of our survey and subsequent routine recommendation.
The processing of the data is based on your consent (Art. 6 para. 1 lit. a GDPR, Art. 9 para. 2 lit. b GDPR). We collect and analyze your data in order to provide you with personalized recommendations regarding your skin care routine.
You can revoke your consent to the storage of your personal data at any time with effect for the future.
For this purpose, the following personal data and health data are processed: Name, first name, e-mail address, IP address, information on the skin condition that you provide to us via the survey.
Recipients of the data are internal employees of Maria Galland GmbH and Piwik as a processor.
The processing does not take place outside the European Union (EU) or the European Economic Area (EEA).
Your data will be deleted no later than 6 months after collection.
We do not use automatic decision-making or profiling for this data processing.
XII. Use of our webshop
(1) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We process the data you provide to process your order. For this purpose, we may pass on your data to our payment service providers and also shipping service providers. The legal basis for this is Art. 6 Para. 1 lit. b DSGVO.
(2) You can voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under "My account", the data you provide will be stored revocably. You can always delete all further data, including your user account, in the customer area via a request to the customer service.
At the end of the order process, you can voluntarily enter the institute identification number issued by your beautician*. This enables us to make a clear assignment to your beautician so that we can provide the corresponding commission.
We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
(3) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data is only used to comply with legal obligations.
(4) To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology.
(5) We use the service provider Adyen to process payments. The provider of this payment service is Adyen GmbH, Ludwigstraße 9, 80539, Germany (hereinafter "Adyen"). If you select payment via Adyen, the payment data you enter will be transmitted to Adyen. This transfer is solely for the purpose of payment processing with the online payment service Adyen and only takes place to the extent that it is necessary for this purpose. The transfer of your data to Adyen takes place on the basis of Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). Further information on the provider can be found at https://www.adyen.com/de_DE/.
(6) PayPal
There is also the option of processing the payment transaction with the online payment service PayPal. PayPal enables online payments to be made to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.
The data transmitted to PayPal may be transferred by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may also pass on your data to third parties insofar as this is necessary for the fulfilment of contractual obligations or the data is to be processed on behalf of PayPal. The transfer of your data to PayPal is based on Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You can view PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
(7) Verfied Reviews
After your order, we transmit your e-mail address and order to NET REVIEWS, 18-20 Avenue Robert Schuman / CS 40494 / 13002, Marseille (https://www.echte-bewertungen.com) to remind you by e-mail of the possibility to submit a review of your purchase. The processing is based on Art. 6 (1) lit. f DSGVO from the legitimate interest in truthful, verified reviews of our services. You can object to this processing at any time by contacting us as described under I (2) or directly at NET REVIEWS. Your e-mail address will only be used for this purpose and in particular not for further advertising, nor will it be passed on to other third parties. The personal data stored in this context in the technical system of the Genuine Reviews evaluation tool will be deleted 18 months after the delivery of goods recorded for evaluation.
XIII. Online presences in social media
We maintain online presences within social networks in order to inform users active there about our services and to communicate directly via the platforms if they are interested. We are currently represented in the following networks:
Facebook
Instagram
Youtube
All our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website that the respective networks offer for embedding the offers on websites.
We have no influence on the collection of data and its further use by the social networks. Thus, we have no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. We therefore expressly draw attention to the fact that user data (e.g. personal information, IP address) is stored by the operators of the networks in accordance with their data usage guidelines and used for business purposes.
We process the data of users in the social media presences insofar as they contact and communicate with us via comments or direct messages, for example.
The legal basis for the processing of the user's data is Art. 6 para. 1 lit. b and f DSGVO.
a) Facebook / Instagram
You can access the social media network Facebook and also Instagram via external links on our website. All functions in the social media network are offered by Meta Platforms Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The channels can only be accessed via an external link.
If you are logged in with your own profile on Facebook or Instagram and access our social media channel, Facebook can assign your visit to your logged-in profile. If you do not wish your user account to be associated with your IP address, please log out of your Facebook or Instagram account before using our website.
For further information on the processing of your data, please refer to Facebook's privacy policy: https://facebook.com/privacy/explanation and to our "Facebook Fanpage" data policy.
b) Youtube
You can access the services of the social media network Youtube via external links on our website. All functions in the social media network are offered by YouTube or Google: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Youtube channels can only be accessed via an external link.
If you are logged in to YouTube with your own profile and access our social media channel, YouTube can assign your visit to your logged-in profile. If you do not wish your user account to be associated with your IP address, please log out of your Youtube account before using our website.
Maria Galland GmbH operates an online presence on Facebook, a so-called Facebook Fanpage. For the visit of our fan page, the following supplementary information on data processing applies. Information on data protection on Facebook in general can be found here (https://www.facebook.com/about/privacy/).
1. joint responsibility, contact details, company data protection officer:
We are jointly responsible with Facebook for the operation of our Facebook Fanpage pursuant to Art. 26 DSGVO. For this purpose, we have stipulated in an agreement with Facebook who fulfills which obligations with regard to data protection. This agreement can be accessed here (https://www.facebook.com/legal/terms/page_controller_addendum). Accordingly, Facebook is primarily responsible for providing the data subject with information about the joint processing and enabling him or her to exercise his or her data protection rights. Notwithstanding the above, we hereby inform you about your visit to our Fanpage.
Our contact details are:
MARIA GALLAND PARIS
Wintrichring 58
D-80992 Munich
Telephone: 00800 642 55 263
Web: mariagalland.com
E-mail: kundenservice@maria-galland.com
(see our imprint).
Facebook can be reached at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
You can reach Facebook online here (https://www.facebook.com/help/contact/2061665240770586)
You can reach our company data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH
Alexander Bugl
Eifelstrasse 55
93057 Regensburg
E-mail: kontakt@buglundkollegen.de
You can reach Facebook's data protection officer at
https://www.facebook.com/help/contact/540977946302970.
2. collection and storage of personal data and the nature, purpose and use thereof:
(a) Data collected by Facebook:
If you are a Facebook user, Facebook collects the data described in the Facebook Data Policy under "What types of information do we collect?". If you are not a Facebook user, cookies provided with identifiers, small text files, may still be stored in your browser, which enable so-called tracking of your user behavior.
As a rule, the user data during a visit to Facebook is also processed by Facebook for market research and advertising purposes. Based on the user behavior (including when visiting our Fanpage), complex user profiles are created, which Facebook can use to play personalized advertisements to the visitor within and outside of Facebook. More information on this can also be found in the Facebook data policy.
If you do not agree with this, you can object here (opt-out).
b) Data used by us ("Page Insights") and legal basis:
Facebook provides us with statistics and usage data that we can use to analyze the use of our Fanpage (so-called "Page Insights"). This enables us to continuously improve our offer on Facebook. We, as the operator, do not make any decisions regarding the processing of Insights data and any other information resulting from Art. 13 of the GDPR, such as storage duration of cookies on user devices. The primary responsibility under the GDPR for the processing of Insights Data lies with Facebook and Facebook fulfills all obligations under the GDPR with respect to the processing of Insights Data.
We as the site administrator have no other way, not even via user tracking, to evaluate user behavior on our Fanpage. It is also fundamentally not possible for us to identify the visitor to the Fanpage on the basis of the page insights. In particular, we have no right under the agreement to require Facebook to disclose individual visitor data. Identification is only possible for us if we are able to assign individual profile pictures to "Like" Page Views; however, this is only possible to the extent that our Fanpage has been marked with "Like" by the corresponding visitor and the "Like" is set to "public".
What information Facebook uses to create page insights can be found here.
The operation of the Faceboook fan page and the use of page insights serves our legitimate interest in effective external presentation and efficient communication with our customers and prospects. This interest justifies the operation of the page both to the legitimate interests of Facebook users, as well as to visitors to our fan page who do not have a Facebook account. Accordingly, the legal basis is Art. 6 para. 1 lit. f) DSGVO.
3. sharing of data with third parties:
Data collected by Facebook is shared and processed throughout the Facebook group. The Facebook group also includes, for example, Instagram, WhatsApp and Oculus. For example, information collected through Facebook is used to display personalized ads to users on Instagram, or information from WhatsApp is used to take action against accounts that send spam through WhatsApp on Facebook. This information can be found in the Facebook Data Policy under "How do Facebook companies work together?".
The processing of data by Facebook may involve the transfer of user data outside the European Economic Area (EEA), in particular the USA.
4. right to object:
If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) DSGVO, you have the right to object to the processing of your personal data pursuant to Article 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you would like to exercise your right of revocation or objection, an e-mail to {email address} is sufficient.
5. data subject rights:
You have the right to revoke your consent to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future. Furthermore, you have the right to information according to Art. 15 DSGVO, the right to correction according to Art. 16 DSGVO, the right to deletion according to Art. 17 DSGVO, the right to restriction of processing according to Art. 18 DSGVO, as well as the right from data portability from Art. 20 DSGVO. Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 DSGVO).
In principle, you can assert your data subject rights against Facebook as well as against us. Since only Facebook has direct access to your user data, you can most effectively assert your data protection rights against Facebook.
XIV. Processing of your data in the context of automated decision-making / profiling
(1) In principle, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In particular, these decisions may not regularly be based on special categories of personal data pursuant to Art. 9 (1) DSGVO. We do not use any corresponding decision-making processes within the scope of our website and the associated data processing.