VII Facebook, Custom Audiences and Facebook marketing services
(1) Within our online offer, the so-called "Facebook Pixel" of the social network Facebook, which is operated by Meta Platforms Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or Meta Platforms Inc., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used for the analysis, optimisation and economic operation of our online offer.
(2) Facebook is certified under the Privacy Shield agreement and thereby offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
(3) With the help of the Facebook pixel, it is possible for Facebook to determine the visitors to our online offer as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not have a harassing effect. With the help of the Facebook pixel, we can also track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
(4) The Facebook pixel is integrated by Facebook after your consent and can save a so-called cookie, i.e. a small file, on your device. If you subsequently log in to Facebook or visit Facebook while logged in, your visit to our online offer will be noted in your profile. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of the user. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and can be used by Facebook and for its own market research and advertising purposes. If we should transmit data to Facebook for matching purposes as part of the pixel procedure, this data is encrypted locally on the browser and only then sent to Facebook via a secure https connection. This is done solely for the purpose of matching data that has also been encrypted by Facebook. The legal basis for the use of Facebook Pixel is Art. 6 para. 1 lit. a DSGVO.
(5) The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads, in Facebook's data usage policy: https://www.facebook.com/policy.php. Specific information and details on the Facebook Pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
(6) You can also change the use of cookies by setting your browser software accordingly or in the cookie settings. To set which types of advertisements are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
VIII Integration of Google Maps
(1) We use the Google Maps service on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently. These are integrated in "extended data protection mode", i.e. no data about you as a user is transmitted to Google if you do not call up the maps. Only when you give your consent and call up the maps will the data mentioned in paragraph 2 be transferred. We have no influence on this data transmission.
(2) By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In addition, the data mentioned under IV of this declaration will be transmitted. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. The legal basis for the use of Google Maps is Art. 6 para. 1 lit. a DSGVO.
(3) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
Further information on the purpose and scope of the data collection and its processing by the provider can be found in the provider's data protection declarations. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
IX. Use of Google Tag Manager
(1) We use the Google Tag Manager on our website.
(2) The Google Tag Manager enables us to integrate various codes and services on our website in an orderly and simplified manner. The Google Tag Manager implements the tags or "triggers" the embedded tags. When a tag is triggered, Google may process information (including personal data) and process it.
In particular, the following personal data is processed by the Google Tag Manager:
Online identifiers (including cookie identifiers).
IP address
(3) In addition, you can find more detailed information about the Google Tag Manager on the websites https://www.google.de/tagmanager/use-policy.html as well as at https://www.google.com/intlde/policies/privacy/index.html under the section "Data we receive based on your use of our services".
(4) Furthermore, we have concluded an order processing contract with Google for the use of the Google Tag Manager. Google processes the data on our behalf in order to trigger the stored tags and display the services on our website. Google may transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. The legal basis for the use of Google Tag Manager is Art. 6 para. 1 lit. a DSGVO.
(5) If you have deactivated individual tracking services (for example by rejecting a cookie), the deactivation remains in place for all affected tracking tags that are integrated by the Google Tag Manager.
(6) By integrating the Google Tag Manager, we pursue the purpose of being able to carry out a simplified and clear integration of various services. Furthermore, the integration of the Google Tag Manager optimises the loading times of the various services.
(7) You can also change the use of cookies by setting your browser software accordingly or in the cookie settings.
(8) Information from the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland.
X. Newsletter
(1) The newsletter is sent using "MailChimp", a newsletter sending platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on MailChimp's servers in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, MailChimp may use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and presentation of the newsletters or for economic purposes in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
The legal basis for sending the newsletter and the analysis is your consent in accordance with Art. 6 Para. 1 lit. a.) DSGVO.
We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement "Privacy Shield" and thus undertakes to comply with EU data protection requirements. Furthermore, we have concluded a "Data Processing Agreement" with MailChimp. This is a contract in which MailChimp undertakes to protect the data of our users, to process it on our behalf in accordance with the data protection provisions and, in particular, not to pass it on to third parties. You can view the data protection provisions of MailChimp at https://mailchimp.com/legal/privacy/.
(2) We use the so-called double opt-in procedure to register for our newsletter. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm that you wish to receive the newsletter. In addition, we store your IP addresses and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address.
(4) You can revoke your consent to the sending of the newsletter and the analysis at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending a message to the contact details provided in the imprint.
(5) We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which are single-pixel image files stored on our website. For the evaluations, we link the data mentioned in II and the web beacons with your e-mail address and an individual ID. With the data obtained in this way, we create a user profile in order to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletters, which links you click on in them and infer your personal interests from this.
For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our intention nor that of MailChimp to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
(6) You can object to this tracking at any time by clicking on the separate link provided in every email or by informing us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously. Moreover, such tracking is not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
XI. Use of our webshop
(1) If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we require for the processing of your order. Mandatory data required for the processing of contracts are marked separately, other data are voluntary. We process the data you provide to process your order. For this purpose, we may pass on your data to our payment service providers and also shipping service providers. The legal basis for this is Art. 6 Para. 1 lit. b DSGVO.
(2) You can voluntarily create a customer account, through which we can save your data for future purchases. When you create an account under "My account", the data you provide will be stored revocably. You can always delete all further data, including your user account, in the customer area via a request to the customer service.
At the end of the order process, you can voluntarily enter the institute identification number issued by your beautician*. This enables us to make a clear assignment to your beautician so that we can provide the corresponding commission.
We may also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
(3) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data is only used to comply with legal obligations.
(4) To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology.
(5) We use the service provider Adyen to process payments. The provider of this payment service is Adyen GmbH, Ludwigstraße 9, 80539, Germany (hereinafter "Adyen"). If you select payment via Adyen, the payment data you enter will be transmitted to Adyen. This transfer is solely for the purpose of payment processing with the online payment service Adyen and only takes place to the extent that it is necessary for this purpose. The transfer of your data to Adyen takes place on the basis of Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). Further information on the provider can be found at https://www.adyen.com/de_DE/.
(6) PayPal
There is also the option of processing the payment transaction with the online payment service PayPal. PayPal enables online payments to be made to third parties. The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg. If you choose PayPal as your payment method, your data required for the payment process will be automatically transmitted to PayPal.
The data transmitted to PayPal may be transferred by PayPal to credit agencies. The purpose of this transmission is to check your identity and creditworthiness. PayPal may also pass on your data to third parties insofar as this is necessary for the fulfilment of contractual obligations or the data is to be processed on behalf of PayPal. The transfer of your data to PayPal is based on Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You can view PayPal's privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full/.
(7) Verfied Reviews
After your order, we transmit your e-mail address and order to NET REVIEWS, 18-20 Avenue Robert Schuman / CS 40494 / 13002, Marseille (https://www.echte-bewertungen.com) to remind you by e-mail of the possibility to submit a review of your purchase. The processing is based on Art. 6 (1) lit. f DSGVO from the legitimate interest in truthful, verified reviews of our services. You can object to this processing at any time by contacting us as described under I (2) or directly at NET REVIEWS. Your e-mail address will only be used for this purpose and in particular not for further advertising, nor will it be passed on to other third parties. The personal data stored in this context in the technical system of the Genuine Reviews evaluation tool will be deleted 18 months after the delivery of goods recorded for evaluation.
XII. Online presences in social media
We maintain online presences within social networks in order to inform users active there about our services and to communicate directly via the platforms if they are interested. We are currently represented in the following networks:
Facebook
Instagram
Youtube
All our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website that the respective networks offer for embedding the offers on websites.
We have no influence on the collection of data and its further use by the social networks. Thus, we have no knowledge of the extent to which, where and for how long the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. We therefore expressly draw attention to the fact that user data (e.g. personal information, IP address) is stored by the operators of the networks in accordance with their data usage guidelines and used for business purposes.
We process the data of users in the social media presences insofar as they contact and communicate with us via comments or direct messages, for example.
The legal basis for the processing of the user's data is Art. 6 para. 1 lit. b and f DSGVO.
a) Facebook / Instagram
You can access the social media network Facebook and also Instagram via external links on our website. All functions in the social media network are offered by Meta Platforms Inc, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The channels can only be accessed via an external link.
If you are logged in with your own profile on Facebook or Instagram and access our social media channel, Facebook can assign your visit to your logged-in profile. If you do not wish your user account to be associated with your IP address, please log out of your Facebook or Instagram account before using our website.
For further information on the processing of your data, please refer to Facebook's privacy policy: https://facebook.com/privacy/explanation and to our "Facebook Fanpage" data policy.
b) Youtube
You can access the services of the social media network Youtube via external links on our website. All functions in the social media network are offered by YouTube or Google: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Youtube channels can only be accessed via an external link.
If you are logged in to YouTube with your own profile and access our social media channel, YouTube can assign your visit to your logged-in profile. If you do not wish your user account to be associated with your IP address, please log out of your Youtube account before using our website.
XIII. Processing of your data in the context of automated decision-making / profiling
(1) In principle, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. In particular, these decisions may not regularly be based on special categories of personal data pursuant to Art. 9 (1) DSGVO. We do not use any corresponding decision-making processes within the scope of our website and the associated data processing.