PRIVACY STATEMENT

Privacy policy and consents

Table of contents

1. Objective and responsible body
2. Basic information on data processing
3. Processing of personal data
4. Collection of access data
5. Cookies & coverage measurement
6. Newsletter
7. Integration of services and contents of third parties
8. User rights and deletion
9. Changes to the data protection declaration
10. Contact person for data protection

1. Objective and responsible body

This data protection declaration provides information on the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data within our online offer and the websites, functions and content connected with it (hereinafter jointly referred to as “online offer” or “website”). The data protection declaration applies irrespective of the domains, systems, platforms and devices (e.g. desktop or mobile) used on which the online offer is executed.

The provider of the online offer and the entity responsible for data protection is DBT DIRECT BEAUTY TECHNOLOGIES GMBH, Owner Dipl.-Kfm. Thomas Lang, Mangenberger Strasse 96, D-42655 Solingen, Germany, (hereinafter referred to as “provider”, “we” or “us”). For contact details, please refer to our imprint.

The term “user” includes all customers and visitors to our online offer. The terms used, e.g. “user”, are to be understood as gender-neutral.

2. Basic information on data processing

We process users’ personal data only in compliance with the relevant data protection regulations in accordance with the principles of data economy and data avoidance. This means that the user’s data will only be processed if a legal permission exists, in particular if the data is necessary for the provision of our contractual services and online services, or is required by law, or if consent has been given.

We take organisational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

If content, tools or other means from other providers (hereinafter collectively referred to as “third party providers”) are used within the scope of this data protection declaration and their named registered office is abroad, it is to be assumed that a transfer of data to the countries in which the third party providers are based takes place. The transfer of data to third countries takes place either on the basis of legal permission, user consent or special contractual clauses that guarantee the legally required security of the data.

3. Processing of personal data

Personal data are processed, in addition to the uses expressly mentioned in this Privacy Policy, for the following purposes on the basis of legal authorisations or users’ consents:

– The provision, execution, maintenance, optimisation and safeguarding of our services, service and user performance;

– To ensure effective customer service and technical support.

We transmit users’ data to third parties only if this is necessary for billing purposes (e.g. to a payment service provider) or for other purposes if these are necessary to fulfil our contractual obligations to users (e.g. communication of addresses to suppliers).

When contacting us (via contact form or email), the user’s details are stored for the purpose of processing the enquiry and in case follow-up questions arise.

Personal data is deleted if it has fulfilled its intended purpose and if there is no obligation to retain it.

4. Collection of access data

We collect data on every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider.

We use the log data without assigning it to the person of the user or otherwise creating a profile in accordance with the statutory provisions only for statistical evaluations for the purpose of the operation, security and optimisation of our online offer. However, we reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use on the basis of concrete indications.

5. Cookies & Reach Measurement

Cookies are pieces of information that are transmitted from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Users are informed about the use of cookies in the context of pseudonymous range measurement within the scope of this data protection declaration.

The viewing of this online offer is also possible under exclusion of cookies. If users do not wish cookies to be stored on their computer, they are requested to deactivate the corresponding option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.

It is possible to manage many online ad cookies from companies via the US site http://www.aboutads.info/choices or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/.

6. Newsletter

The following information explains the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. Insofar as the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. In addition, our newsletters contain the following information: our products, offers, promotions and our company.

Double opt-in and logging: Registration for our newsletter is carried out in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.

Dispatch service provider: The newsletter is dispatched by means of “[newsletter_service]” (hereinafter referred to as “dispatch service provider”). You can view the data protection provisions of the dispatch service provider here: [newsletter_service_privacy_policy].

The e-mail addresses of our newsletter recipients, as well as their other data described in these notes, are stored on the servers of the dispatch service provider. The dispatch service provider uses this information to dispatch and evaluate the newsletter on our behalf. Furthermore, according to its own information, the dispatch service provider may use this data to optimise or improve its own services, e.g. for the technical optimisation of the dispatch and the presentation of the newsletter or for economic purposes in order to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.

Registration data: To register for the newsletter, it is sufficient to enter your e-mail address.

Statistical collection and analyses – The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor that of the dispatch service provider to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Cancellation/revocation – You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to the dispatch of the newsletter by the dispatch service provider and the statistical analyses will expire. Unfortunately, it is not possible to separately cancel the dispatch by the dispatch service provider or the statistical analysis. You will find a link to cancel the newsletter at the end of each newsletter.

7. Integration of services and contents of third parties

It is possible that content or services of third-party providers, such as city maps or fonts from other websites, are integrated within our online offer. The integration of third-party content always requires that the third-party provider is aware of the user’s IP address, as without the IP address they would not be able to send the content to the user’s browser. The IP address is thus required for the display of this content. Furthermore, the providers of the third-party content can set their own cookies and process the users’ data for their own purposes. In doing so, user profiles can be created from the processed data. We will use this content as sparingly as possible and in a data-avoiding manner and select reliable third-party providers with regard to data security.

The following presentation provides an overview of third-party providers and their content, together with links to their data protection declarations, which contain further information on the processing of data and, in part already mentioned here, options for objection (so-called opt-out):

– Maps of the “Google Maps” service of the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

– Videos from the “YouTube” platform of the third-party provider Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

8. User rights and deletion of data

Users have the right, upon request and free of charge, to receive information about the personal data we have stored about them.

In addition, users have the right to correct incorrect data, revoke consent, block and delete their personal data, as well as the right to file a complaint with the competent supervisory authority in the event that unlawful data processing is assumed.

The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations.

9. Changes to the data protection declaration

We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. Insofar as user consent is required or components of the data protection declaration contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.

Users are requested to inform themselves regularly about the content of the data protection declaration.

10. Contact person for data protection

If you have any questions regarding the collection, processing or use of your personal data, or if you wish to request information, correction, blocking or deletion of data or revoke your consent, please contact:

DBT DIRECT BEAUTY TECHNOLOGIES GMBH

Mangenberger Strasse 96
D-42655 Solingen
Germany

Tel. +49 (0) 212 38 34 1-0
Fax. +49 (0)212 20 86 11
Email info@directbeauty.de