Datenschutzerklärung – epiladerm international Online-Shop

1) Information on the collection of personal data and contact details of the person responsible

1.1Wir are pleased that you are visiting our website and thank you for your interest. In the following we will inform you about how we handle your personal data when you use our website. Personal data are all data with which you can be personally identified.

1.2The controller of data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Kim Wium-Andersen, Ichous 11 - Zenon Stadium Towers, Avgoulla 26, Flat 302, 6020 LARNACA Cyprus, Tel: +357 96777871, Email: [email protected]. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3Diese website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the responsible person). You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

2) Data collection when visiting our website

When using our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser sends to our server (so-called "server log files"). When you call up our website, we collect the following data, which are technically necessary for us to display the website:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/reference from which you reached the site
Used Browser
Operating system in use
IP address used (if necessary: in anonymised form)

Processing is carried out in accordance with Art. 6 Para. 1 letter f DSGVO on the basis of our justified interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files subsequently if there are concrete indications of illegal use.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted again after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your terminal device and enable us to recognise your browser the next time you visit us (so-called persistent cookies). If cookies are set, they collect and process certain user information to an individual extent, such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. The duration of the respective cookie storage can be found in the overview of the cookie settings of your web browser.

In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping cart for a later visit to the website). Insofar as personal data are also processed by individual cookies used by us, processing is carried out in accordance with Art. 6 Para. 1 letter b DSGVO either for the execution of the contract, in accordance with Art. 6 Para. 1 letter a DSGVO in the case of a granted consent or in accordance with Art. 6 Para. 1 letter f DSGVO to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for each browser under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/de/latest/web-preferences/#cookies

Please note that the functionality of our website may be limited if cookies are not accepted.

4) Making contact

Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f DSGVO. If your contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b DSGVO. Your data will be deleted after final processing of your request. This is the case if it can be deduced from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary.

5) Data processing when opening a customer account and for contract processing

In accordance with Art. 6 Para. 1 lit. b DSGVO, personal data will continue to be collected and processed if you provide us with this information for the purpose of executing a contract or opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above mentioned address of the responsible person. We store and use the data you provide us with to process the contract. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after these periods have expired, unless you have expressly consented to further use of your data or a legally permitted further use of data has been reserved by us.

6) Use of customer data for direct advertising

6.1Anmeldung to our e-mail newsletter

If you register for our e-mail newsletter, we will send you regular information about our offers. Your e-mail address is the only mandatory information for sending the newsletter. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you an e-mail newsletter if you have expressly confirmed that you agree to receive newsletters. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on a corresponding link.

By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6 Para. 1 letter a DSGVO. When you register for the newsletter, we save your IP address entered by your Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used exclusively for the purpose of advertising in the newsletter. You can unsubscribe from the newsletter at any time using the link provided for this purpose in the newsletter or by sending a message to the person responsible mentioned above. After you have cancelled your subscription, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to further use of your data or we reserve the right to use your data for other purposes that are permitted by law and about which we inform you in this declaration.

6.2Versand of the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular e-mail offers on similar goods or services from our range of products to those you have already purchased. In accordance with § 7 paragraph 3 UWG we do not need to obtain your separate consent for this. In this respect, data processing is carried out solely on the basis of our justified interest in personalised direct advertising in accordance with Art. 6 Para. 1 lit. f DSGVO. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the above-mentioned advertising purpose at any time with effect for the future by notifying the person responsible named at the beginning of this document. For this you will only incur transmission costs according to the basic rates. After receipt of your objection, the use of your e-mail address for advertising purposes will be immediately discontinued.

6.3Werbung by letter post

On the basis of our justified interest in personalised direct advertising, we reserve the right to store your first and last name, your postal address and - insofar as we have received this additional information from you within the scope of the contractual relationship - your title, academic degree, year of birth and your professional, industry or business name in accordance with Art. 6 Para. 1 letter f DSGVO and to use this information to send you interesting offers and information on our products by post.

You can object to the storage and use of your data for this purpose at any time by sending a message to the person responsible.

7) Data processing for order processing

7.1Zur processing of your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.

The personal data collected by us will be passed on to the transport company commissioned with the delivery within the framework of the contract processing, insofar as this is necessary for the delivery of the goods. Your payment data will be passed on to the assigned credit institute within the scope of the payment processing, as far as this is necessary for the payment processing. If payment service providers are used, we will inform you explicitly about this below. The legal basis for the transfer of data is Art. 6 para. 1 lit. b DSGVO.

7.2Zur In order to fulfil our contractual obligations towards our customers, we work together with external shipping partners. We will pass on your name and delivery address and, if necessary for delivery, your telephone number to a shipping partner selected by us exclusively for the purpose of delivering goods in accordance with Art. 6 Para. 1 lit. b DSGVO.

7.3Weitergabe personal data to shipping service providers

- German Post
If the goods are delivered by Deutsche Post (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn, Germany), we will pass on your e-mail address to Deutsche Post in accordance with Art. 6 Para. 1 letter a DSGVO prior to delivery of the goods for the purpose of coordinating a delivery date or to announce delivery, provided that you have given your express consent in the ordering process. Otherwise, we will only pass on the name of the recipient and the delivery address to Deutsche Post for the purpose of delivery in accordance with Art. 6 Para. 1 lit. b DSGVO. This information is only passed on to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with Deutsche Post or the delivery announcement is not possible.
This consent can be revoked at any time with future effect vis-à-vis the responsible person named above or Deutsche Post.

8) Use of social media: videos

Use of Youtube videos

This website uses the Youtube embedding feature to display and play videos from the provider "Youtube", which is part of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Here, the extended data protection mode is used, which according to the provider's information, only starts storing user information when the video(s) is/are played. If the playback of embedded YouTube videos is started, the provider "YouTube" uses cookies to collect information about user behavior. According to information from "Youtube", these serve, among other things, to collect video statistics, improve user-friendliness and prevent abusive behaviour. If you are logged in to Google, your information is associated directly with your account when you click on a video. If you do not want your profile to be associated with YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them. Such an evaluation is carried out in particular in accordance with Art. 6 Para. 1 lit. f DSGVO on the basis of Google's legitimate interests in the display of personalised advertising, market research and/or the needs-based design of its website. You have a right of objection to the creation of these user profiles, whereby you must contact YouTube to exercise this right. In the course of using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Regardless of any playback of the embedded videos, each time this website is accessed, a connection to the Google network is established, which may trigger further data processing operations without our influence.

For more information on data protection at "YouTube", please refer to the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy

Insofar as legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6 para. 1 lit. a DSGVO. You can revoke your consent at any time with effect for the future. In order to exercise your revocation, please follow the procedure described above for making an objection.

9) Tools and others

9.1weclapp
For the handling of the accounting we use the cloud based accounting software of weclapp SE
Neue Mainzer Straße 66 - 68, 60311 Frankfurt am Main ("weclapp"). Weclapp processes incoming and outgoing invoices as well as, if applicable, our company's bank transactions in order to automatically capture invoices, match them to transactions and, in a partially automated process, create the financial accounting.
Insofar as personal data are also processed in this context, processing is carried out in accordance with Art. 6 Para. 1 letter f DSGVO on the basis of our justified interest in the efficient organisation and documentation of our business transactions.
Further information about weclapp, the automated processing of data and the data protection regulations can be found at https://www.weclapp.com/de/datenschutz/

9.2- Google Web Fonts
This site uses so-called web fonts for the uniform display of fonts which are provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to Google's servers. This may also involve the transmission of personal data to the servers of Google LLC. in the USA. In this way, Google obtains knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO. If your browser does not support Web Fonts, a standard font from your computer will be used.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and read Google's privacy policy: https://www.google.com/policies/privacy/

9.3Google reCAPTCHA

On this website we also use the reCAPTCHA feature of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is mainly used to distinguish whether an entry is made by a natural person or abusively by machine and automated processing. The service includes the sending of the IP address and, if applicable, other data required by Google for the reCAPTCHA service to Google and is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in establishing individual responsibility on the Internet and avoiding abuse and spam. In the course of using Google reCAPTCHA, personal data may also be transferred to the servers of Google LLC. in the USA.

Further information about Google reCAPTCHA and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/

10) Rights of the data subject

10.1Das applicable data protection law grants you comprehensive data protection rights (rights of information and intervention) vis-à-vis the person responsible for processing your personal data, about which we inform you below:

Right of access under Art. 15 DSGVO: In particular, you have a right of access to your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right of rectification, erasure, restriction of processing, opposition to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision making including profiling and, if applicable, meaningful information on the logic involved and the scope and intended effects of such processing on you, as well as your right to be informed of the guarantees provided under Art. 46 DPA when your data is transferred to third countries;
Right of rectification in accordance with Art. 16 DSGVO: You have the right to have incorrect data concerning you corrected and/or to have your incomplete data stored by us completed without delay;
Right to deletion in accordance with Art. 17 DSGVO: You have the right to request the deletion of your personal data if the conditions of Art. 17 para. 1 DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
Right to limit processing in accordance with Art. 18 DSGVO: You have the right to demand that the processing of your personal data be limited, as long as the accuracy of your data which you dispute is verified, if you refuse to delete your data on the grounds of unlawful processing and instead demand that the processing of your data be limited, if you require your data for the assertion, exercise or defence of legal claims, after we no longer require these data once the purpose has been achieved, or if you have lodged an objection on the grounds of your particular situation, as long as it has not yet been established that our legitimate reasons outweigh the objection;
Right to information in accordance with Art. 19 DSGVO: If you have asserted the right to rectification, erasure or limitation of processing vis-à-vis the controller, the latter is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.
Right to data transferability in accordance with Art. 20 DSGVO: You have the right to receive your personal data that you have provided us with in a structured, common and machine-readable format or to request that it be transferred to another person responsible, insofar as this is technically feasible;
Right to revoke consents granted pursuant to Art. 7 para. 3 DSGVO: You have the right to revoke at any time, with effect for the future, any consent to the processing of data that you have once granted. In the event of revocation, we will immediately delete the data concerned, unless further processing cannot be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation;
Right of appeal under Art. 77 DSGVO: If you believe that the processing of personal data relating to you is in breach of the DPA, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work or the place where the alleged breach occurs.

10.2WIDERSPRUCHSRECHT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR PREDOMINANT LEGITIMATE INTEREST IN THE CONTEXT OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME FOR REASONS ARISING FROM YOUR SPECIAL SITUATION, WITH EFFECT FOR THE FUTURE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE THAT THERE ARE COMPELLING REASONS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

11) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and - if relevant - additionally by the respective legal retention period (e.g. retention periods under commercial and tax law).

When personal data are processed on the basis of an express consent pursuant to Art. 6 para. 1 letter a DSGVO, these data are stored until the person concerned revokes his or her consent.

If there are legal retention periods for data which are processed within the framework of legal or similar obligations based on Art. 6 Para. 1 letter b DSGVO, these data are routinely deleted after the retention periods have expired, provided that they are no longer required for the fulfilment or initiation of a contract and/or we have no justified interest in their further storage.

When personal data are processed on the basis of Art. 6 para. 1 letter f DSGVO, these data are stored until the person concerned exercises his or her right to object in accordance with Art. 21 para. 1 DSGVO, unless we can prove compelling reasons for processing worthy of protection which outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.

When personal data are processed for the purpose of direct advertising on the basis of Art. 6 para. 1 letter f DSGVO, these data are stored until the person concerned exercises his or her right of objection under Art. 21 para. 2 DSGVO.

Moreover, unless otherwise stated in the other information in this statement on specific processing situations, stored personal data will be deleted when they are no longer necessary for the purposes for which they were collected or otherwise processed.