(1) In accordance with Art. 13 DSGVO, we inform you below about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) The responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (DSGVO) is
MARIA GALLAND GmbH
Telephone: 00800 642 55 263
(see our imprint).
You can reach our data protection officer at:
Bugl & Kollegen Gesellschaft für Datenschutz und Informationssicherheit mbH.
Sedan Street 7
(3) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f DSGVO. If your contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO. We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are statutory retention obligations.
(4) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.
(1) You have the following rights with regard to the personal data concerning you:
- Right to information,
- Right to correction or deletion,
- right to restriction of processing,
- right to object to processing,
- right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
You can find the competent supervisory authority in data protection matters under the following link.
(1) The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services and technical maintenance services, which we use for the purpose of operating this online offer.
(2) In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 para. 1 lit. f DSGVO in conjunction with Art. 28 DSGVO. Art. 28 DSGVO (conclusion of order processing agreement). Further information can be found here https://trust.salesforce.com/en/trust-and-compliance-documentation/commerce-cloud/
(1) In the case of purely informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request came
- Operating system and its interface
- language and version of the browser software.
We collect and store this data on the basis of our legitimate interest for a limited period of time in order to initiate a derivation to personal data in the event of unauthorised access or attempted access to our servers (Art. 6 Para. 1 lit. f DSGVO).
(1) In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. They serve to make the Internet offer as a whole more user-friendly and effective.
(2) We distinguish between the following categories of cookies:
(a) Absolutely necessary cookies, without which the functionality of our website would be limited,
(b) Functional cookies,
(c) performance cookies,
(d) marketing cookies; and
(e) social media cookies for website analytics and marketing purposes.
The use of optional cookies is based on your consent (Art. 6 para. 1 lit. a DSGVO).
In the following paragraphs and the following table and we describe the optional cookies used on this website in detail:
(a) Absolutely necessary cookies
These cookies are necessary for the website to function and cannot be disabled in your systems. Generally, these cookies are only set in response to actions you take that correspond to a service request, such as setting your privacy preferences, logging in or filling out forms. You can set your browser to block these cookies or to notify you of these cookies. However, some areas of the website will not work if you do this
(b) Functional cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third parties whose services we use on our sites. If you do not allow these cookies, some or all of these services may not work properly.
(c) Performance cookies
These cookies allow us to count visits and traffic sources so that we can measure and improve the performance of our website. They help us answer questions about which pages are most popular, which are least used and how visitors move around the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not be able to know when you have visited our website.
(d) Cookies for marketing purposes
These cookies may be set through our website by our advertising partners. They may be used by these companies to profile your interests and show you relevant ads on other websites. They do not directly store personal data but are based on a unique identification of your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
(e) Social media cookies
These cookies are set by a number of social media services that we use on the Website to enable you to share our content with your friends and networks. These cookies are able to track your browser across other websites and build a profile of your interests. This may affect content and messages you see on other websites. If you do not allow these cookies, you may not be able to use or see these sharing tools.
On our website we use the following necessary/functional and analytical/performance cookies:
(1) Type of cookie:
This cookie is set by websites using certain versions of OneTrust's cookie compliance solution. It is set after visitors have seen a cookie information notice and in some cases only when they actively close the notice. It allows the website not to show the notice to a user more than once. The cookie has a lifetime of one year and does not contain any personal information.
Expiry/duration of storage: Persistent
(2) Type of cookie:
This cookie is set by OneTrust's cookie compliance solution. It stores information about the categories of cookies the website uses and whether visitors have given or withdrawn their consent to use each category. This allows website owners to prevent cookies in each category from being set in the user's browser if consent is not given. The cookie has a normal lifetime of one year so that returning visitors to the website can remember their preferences. It does not contain any information that can identify the website visitor.
Expiry/duration of storage: Persistent.
(3) Type of cookie:
General purpose platform session cookie used by websites written in JSP. Normally used to maintain an anonymous user session by the server.
Expiration/duration of storage: After the end of the session.
(4) Type of cookie:
dwsid (replaces sid)
Identifies the current browsing session.
Expiration/duration of storage: Current session.
(5) Type of cookie:
Identifies the current browsing session. Salesforce Reference Architecture (SFRA) uses this to determine whether to display the cookie hints content asset. Used only by SFRA and customisations.
(6) Type of cookie:
Used with dwsid to secure the session over HTTPS. The * in the cookie name is a value unique to the site.
Expiry/duration of storage: Current session
(7) Type of cookie:
Identifies a registered shopper. Only used if the shopper selects the Remember Me option. (This is an optional website feature.) The * in the cookie name is a unique value for the website.
Expiry/duration of storage: 180 days
(8) Type of cookie:
BM user cookie
(9) Type of cookie:
Expiration/Duration of storage: Current session
(10) Type of cookie:
Analytics cookie used to track anonymous or logged in users to measure or improve performance and help personalise website content. Expires at the end of the browser session.
(11) Type of cookie:
Expiration/Duration of storage: Current session.
(12) Type of cookie:
Tracks participation in A/B test groups for analytics purposes. If the shopper has participated in a test, the value is deleted when the shopper opts out. The * in the cookie name is a unique value for the website.
(13) Type of cookie:
Expiration/Duration of storage: 180 days
(14) Type of cookie:
This cookie is used to manage server-side traffic for login.
(15) Type of cookie:
Stores the following data for analytics purposes: session ID, report suite name, buyer customer ID, source group ID (encrypted), currency key and time zone. The * in the cookie name is a unique value for the site.
Expiry/duration of storage: Current session.
(16) Type of cookie:
Stores the source code for campaign and affiliate tracking. You set the lifetime of this cookie for each source code in the Business Manager. The * in the cookie name is a unique value for the site.
Expiry/duration of storage: Varies from 0-999 days.
(17) Type of cookie:
Random ID used to identify an unregistered shopper or a shopper who has not yet logged in independently of the session. It is used, for example, to track basket and order activity and for analytics. It is not used for activities that occur after the shopper has registered. The * in the cookie name is a unique value for the site.
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses so-called "cookies". The information generated by the cookie about your use of this website is usually transmitted to a Google server within the EU and stored there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator
(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
(4) This website uses Google Analytics with the extension "anonymizeIp". This means that IP addresses are processed in abbreviated form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
(5) In the event that, in exceptional cases, the full IP address is transferred to a Google server in the USA and shortened there, Google has undertaken to comply with the Privacy Shield agreement between the EU and the USA.
(6) We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 lit. a DSGVO.
(7) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
General information on data protection: https://policies.google.com/privacy?hl=de&gl=de#infocollect
(1) Within our online offer, the so-called "Facebook Pixel" of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or Meta Platforms Inc., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used for the analysis, optimisation and economic operation of our online offer.
(2) Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
(3) With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
(4) The Facebook pixel is integrated by Facebook after your consent and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes as part of the pixel procedure, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of matching data that has also been encrypted by Facebook. The legal basis for the use of Facebook Pixel is Art. 6 para. 1 lit. a DSGVO.
(5) The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook's data usage policy: https://www.facebook.com/policy.php. Specific information and details on the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
(1) We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. These are integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to Google if you do not call up the maps. Only when you give your consent and call up the maps will the data mentioned in paragraph 2 be transferred. We have no influence on this data transmission.
(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under IV of this declaration will be transmitted. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. The legal basis for the use of Google Maps is Art. 6 para. 1 lit. a DSGVO.
(3) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Further information on the purpose and scope of the data collection and its processing by the provider can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
(1) We use the Google Tag Manager on our website.
(2) The Google Tag Manager enables us to integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or "triggers" the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it.
In particular, the following personal data is processed by the Google Tag Manager:
Online identifiers (including cookie identifiers).
(3) In addition, you can find more detailed information about the Google Tag Manager on the websites https://www.google.de/tagmanager/use-policy.html as well as at https://www.google.com/intlde/policies/privacy/index.html under the section "Data we receive based on your use of our services".
(4) Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager. Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The legal basis for the use of Google Tag Manager is Art. 6 para. 1 lit. a DSGVO.
(5) If you have deactivated individual tracking services (for example by rejecting a cookie), the deactivation remains in place for all affected tracking tags that are integrated by the Google Tag Manager.
(6) By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. Furthermore, the integration of the Google Tag Manager optimises the loading times of the various services.
(8) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
(1) The newsletter is sent using "MailChimp", a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and presentation of the newsletters or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
The legal basis for sending the newsletter and the analysis is your consent in accordance with Art. 6 Para. 1 lit. a.) DSGVO.
We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection requirements. Furthermore, we have concluded a "Data Processing Agreement" with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf in accordance with the data protection provisions and, in particular, not to pass it on to third parties. You can view the data protection provisions of MailChimp at https://mailchimp.com/legal/privacy/.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address.
(4) You can revoke your consent to the sending of the newsletter and the analysis at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details provided in the imprint.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in II and the web beacons with your e-mail address and an individual ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this.
For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
(6) You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
XI. Use of our webshop
(1) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We process the data you provide to process your order. For this purpose, we may pass on your data to our payment service providers and also shipping service providers. The legal basis for this is Art. 6 Para. 1 lit. b DSGVO.
(2) You can voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under "My account", the data you provide will be stored revocably. You can always delete all further data, including your user account, in the customer area via a request to the customer service.
At the end of the order process, you can voluntarily enter the institute identification number issued by your beautician*. This enables us to make a clear assignment to your beautician so that we can provide the corresponding commission.
We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
(3) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data is only used to comply with legal obligations.
(4) To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology.
(5) We use the service provider Adyen to process payments. The provider of this payment service is Adyen GmbH, Ludwigstraße 9, 80539, Germany (hereinafter "Adyen"). If you select payment via Adyen, the payment data you enter will be transmitted to Adyen. This transfer is solely for the purpose of payment processing with the online payment service Adyen and only takes place to the extent that it is necessary for this purpose. The transfer of your data to Adyen takes place on the basis of Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). Further information on the provider can be found at https://www.adyen.com/de_DE/.
There is also the option of processing the payment transaction with the online payment service PayPal. PayPal enables online payments to be made to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.
(7) Verfied Reviews
After your order, we transmit your e-mail address and order to NET REVIEWS, 18-20 Avenue Robert Schuman / CS 40494 / 13002, Marseille (https://www.echte-bewertungen.com) to remind you by e-mail of the possibility to submit a review of your purchase. The processing is based on Art. 6 (1) lit. f DSGVO from the legitimate interest in truthful, verified reviews of our services. You can object to this processing at any time by contacting us as described under I (2) or directly at NET REVIEWS. Your e-mail address will only be used for this purpose and in particular not for further advertising, nor will it be passed on to other third parties. The personal data stored in this context in the technical system of the Genuine Reviews evaluation tool will be deleted 18 months after the delivery of goods recorded for evaluation.
We maintain online presences within social networks in order to inform users active there about our services and to communicate directly via the platforms if they are interested. We are currently represented in the following networks:
All our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website that the respective networks offer for embedding the offers on websites.
We have no influence on the collection of data and its further use by the social networks. Thus, we have no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. We therefore expressly draw attention to the fact that user data (e.g. personal information, IP address) is stored by the operators of the networks in accordance with their data usage guidelines and used for business purposes.
We process the data of users in the social media presences insofar as they contact and communicate with us via comments or direct messages, for example.
The legal basis for the processing of the user's data is Art. 6 para. 1 lit. b and f DSGVO.
a) Facebook / Instagram
You can access the social media network Facebook and also Instagram via external links on our website. All functions in the social media network are offered by Meta Platforms Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The channels can only be accessed via an external link.
If you are logged in with your own profile on Facebook or Instagram and access our social media channel, Facebook can assign your visit to your logged-in profile. If you do not wish your user account to be associated with your IP address, please log out of your Facebook or Instagram account before using our website.
You can access the services of the social media network Youtube via external links on our website. All functions in the social media network are offered by YouTube or Google: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Youtube channels can only be accessed via an external link.
If you are logged in to YouTube with your own profile and access our social media channel, YouTube can assign your visit to your logged-in profile. If you do not wish your user account to be associated with your IP address, please log out of your Youtube account before using our website.
(1) In principle, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In particular, these decisions may not regularly be based on special categories of personal data pursuant to Art. 9 (1) DSGVO. We do not use any corresponding decision-making processes within the scope of our website and the associated data processing.