Privacy policy
Mann & Schröder GmbH (hereinafter referred to as "Mann & Schröder Cosmetics"), Bahnhofstraße 14, 74936 Siegelsbach and Schröder Cosmetics GmbH & Co. KG (hereinafter referred to as "Schröder Cosmetics"), Mann & Schröder Str. 1, 74928 Hüffenhardt (hereinafter also referred to jointly as "we or our") take the protection of your personal data very seriously and strictly adhere to all applicable laws and regulations on data protection, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).
The following explanations provide you with an overview of how we ensure this protection and which data we process for which purpose.
1. Usage Date
Every time this website is accessed and every time a file is retrieved, general data about this process is automatically stored in a log file. The storage serves exclusively system-related and statistical purposes (based on Art. 6 para. 1 letter f.) DSGVO), as well as in exceptional cases to report criminal offences (based on Art. 6 para. 1 letter f.) DSGVO, § 25 para. 2 No. 2 TTDSG). Our legitimate interest is to ensure the delivery of the website and to combat abuse and troubleshooting. The data is not passed on to third parties or evaluated in any other way, unless there is a legal obligation to do so (Art. 6 para. 1 letter c) DSGVO). In detail, the
following data record is stored about each retrieval:
· name of the retrieved file
· date and time of the retrieval
· amount of data transferred
· message whether the retrieval was successful
· description of the type of web browser used
· operating system used
· the previously visited page
· provider
· your IP address
We pass on the collected data to the responsible internal departments or to external service providers who act for us as order processors (e.g. hoster, provider of the content management system) for processing in accordance with the processing required for the presentation of the website and the creation of the content. The deletion of the log file takes place as soon as they are no longer needed for the purposes mentioned, at the latest after 10 days.
2. Personal data via the contact form and competitions.
Personal data will only be processed by us if we are permitted to do so by law, or if you have given us your consent.
In detail:
a. Contact form
When you contact us, we store your data on the basis of Art. 6 (1) (b) DSGVO,
in the case of inquiries in connection with a contract, and Art. 6 (1) (f) DSGVO for the purpose of processing your inquiry and in the event that further
correspondence should take place. When processing the data that arises in the
course of communication, we have a legitimate interest in processing the data
in accordance with legal requirements, for internal review or in accordance
with the respective communication request.
For questions of any kind, we offer you the opportunity to contact us via a form provided on the website. For the use of the contact form, the following data is mandatory:
· your first and last name,
· a valid e-mail address,
· your specific message.
The listed data will be processed by us for the following purposes:
· to be able to identify you and
· to be able to answer your question.
In addition, you can voluntarily provide your address for a postal contact.
The use of the form provided via the website is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the form, but can also use the other contact options provided on our website. If you wish to use our form, you must fill in the fields marked as mandatory. If you do not fill in the required information of the form, you will either not be able to send the request or we will unfortunately not be able to process your request.
We pass on the collected data to the respective internal departments for processing. In addition, external IT service providers such as our hoster have access to the data entered via the form.
The personal data collected by us for the purpose of responding to your inquiry will be automatically deleted after the inquiry you have made has been dealt with, if the circumstances indicate that the matter in question has been conclusively clarified and there are no legal obligations to retain the data.
b. Competitions
For the participation, the execution and the dispatch of prize notifications as well as prizes, we require personal data from you. This includes for example
· your first and last name,
· your e-mail address,
· if applicable, your address,
· if applicable, your date of birth
· if applicable, your telephone number.
The legal basis for this is Art. 6 para. 1 lit. b) EU DSGVO, i.e. you provide us with the data on the basis of the contractual relationship (conditions of participation) between you and us. For details on the contractual relationship, please refer to the respective conditions of participation. The provision of your personal data is necessary for the conclusion of the contract. You are not obliged to provide the personal data. If you do not provide your data, you will not be able to participate in the competition. If we organize competitions on social media platforms
(e.g. Instagram), we would like to ask you to also observe the data protection
provisions of the respective platform.
In some cases, we pass on your data to service providers
· for the shipment of raffle prizes to a shipping company and / or
· for the processing of sweepstakes to the website hoster.
For some sweepstakes, it is also necessary for the processing to transmit your data to our cooperation partners who support us in the implementation of sweepstakes, or to have them process your data so that they can contact the winner and/or deliver or provide the prizes. We inform youabout our cooperation partners in the respective conditions of participation.
In addition, we also organize sweepstakes together with other organizers (partners). For the processing of your data in the context of jointly organized sweepstakes, there is a joint responsibility pursuant to Art. 26 DSGVO between and the respective partner. We and the partner have set out the principles for the joint processing of personal data and the respective data protection-relevant tasks and responsibilities in the context of the sweepstakes in a written agreement. In connection with jointly organized sweepstakes, your personal data collected by us will be shared with the partner or the partner will share the data collected by it with us in order to carry out the sweepstakes. We have agreed with the partner that both we and the partner are responsible for the fulfillment of the information obligations pursuant to Art. 13, 14 DSGVO, as well as the provision of information pursuant to Art. 26 (2) p. 2 DSGVO, and that we will provide you with this information as part of your participation in the sweepstakes. The obligation to exercise your data subject rights applies to both us and the respective partner,
depending on to whom you assert your rights. Both we and the respective partner
will not correct, delete or restrict the processing of your data on their own
authority, but only by mutual agreement. If a competition is organized jointly
with a partner, you will be informed of this separately in the conditions of
participation.
If you do not wish your data to be transmitted for the purpose of processing the competition, you will not be able to participate.
The legal basis for the transmission of data is Art. 6 para. 1 lit. b) DSGVO.
In principle, your data will be deleted after completion of the competition.
We store the winners' data until the expiry of the legal or possible contractual warranty and guarantee rights.
3. Orders via our online store
We collect personal data if you provide it to us voluntarily as part of your order. Mandatory fields are marked as such, as we require the data in these cases to process the contract. Which data is collected can be seen from the respective input forms.
Similarly, you must enter your data again if you want to request the return and fill out the return form for this purpose. Which data is collected can also be seen from the respective input forms.
The processing of this data takes place
· to be able to identify you as our customer
· to be able to process, fulfill and handle orders;
· for correspondence with you;
· for invoicing purposes;
· to process any liability claims that may exist, as well as the assertion of any claims;
· to manage your customer data.
We pass on your data to the shipping company commissioned with the delivery (e.g. DPD), insofar as this is necessary for the delivery of ordered goods. In addition, the data is passed on to the service provider selected for payment processing (e.g. PayPal). Depending on which payment service provider you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves, insofar as you create an account there. In this case, you must register with the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.
a.Operation of the online store via „Shopify"
For the operation of the online store we use on this website "Shopify", a service of Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road,
Dublin 4, D04 XN32, Ireland. Shopify provides an e-commerce platform through
which we offer our goods for sale. Shopify acts on our behalf on the basis of a
contract processing agreement pursuant to Art. 28 (3) p. 1 DSGVO. The data you
provide as part of the ordering process may be processed by Shopify in the USA
or Canada. Shopify Inc. ensures compliance with Canada's Personal Information
Protection and Electronic Documents Act (PIPEDA) and thereby offers a guarantee of compliance with the European data protection level. For more information, please see Shopify's privacy policy at http://www.shopify.com/legal/privacy.
b.Payment processing platform „Stripe“
If you choose a payment method offered via the payment processing platform "Stripe", the payment processing is carried out via Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on your information provided during the ordering process in addition to the information about your order. The following payment methods are integrated via mollie: PayPal, credit card. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd and only insofar as it is necessary for this purpose. Stripe Payments Europe Ltd acts on our behalf within the framework of a contract processing agreement pursuant to Art. 28 (3) p. 1 DSGVO. You can find more information on the data protection of "Stripe" at the
following internet address: https://stripe.com/en-de/privacy.
c. Payment service provider “PayPal“
If you choose payment services from "PayPal" (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg), you will be redirected directly to the PayPal website.
Regardless of this, we send the following data to PayPal to process the payment: name and first name of the customer, delivery address with name and first name (in the case of a different delivery address, possibly also names of third parties such as neighbors), total amount of the shopping cart (no information about individual items), order number. All entries of payment data are entered directly into the system of PayPal and can be neither read nor stored by us.
After a risk check by PayPal, we receive for further order processing only the information from PayPal, whether the order is accepted or rejected (if necessary, after manual review by PayPal). In the latter case, the customer can then select another payment method.
Without the transmission of your personal data, we can not make a payment via PayPal, but you can choose another payment method.
In this respect, please note the privacy policy of PayPal, available here: https://www.paypal.com/webapps/mpp/ua/privacy-full .
d. Payment service provider "Klarna“
If you choose to pay by Sofortüberweisung, our payment service provider
Klarna Bank AB (publ), German Branch, Chausseestraße 117, 10115 Berlin (Klarna) will handle the payment. Klarna is a provider that allows customers to pay in installments and Sofortüberweisung. For this purpose, we transmit to Klarna your name, your order data, your invoice data and your order number if you have chosen this payment method. Klarna checks whether the payment options can be offered to you and informs us of the result and processes the payment directly with you.
e. Invoicing via "Order Print Pro“
For the creation of invoices in PDF format, we use the Shopify app "Order Printer Pro" by Björn Aston Forsberg, Tranegårdsvej 74, 2900 Hellerup, Denmark (https://www.forsbergplustwo.com/pages/order-printer-pro) on the basis of
a commission processing agreement pursuant to Art. 28 (3) p. 1 DSGVO. The data processing is based on Art. 6 para. 1 lit. b DSGVO (processing for the
performance of a contract). Your data is loaded directly from Shopify when
creating an invoice PDF and is not stored in the app. Sub-processors are
involved that have access to personal data from a third country (countries
outside the European Economic Area). So-called standard contractual clauses
pursuant to Art. 46 DSGVO have been concluded as suitable guarantees. Further
information can be found here: http://help.forsbergplustwo.com/en/articles/1851050-gdpr-compliance. We use the data provided by you in accordance with Art. 6 para. 1 p. 1 lit. b DSGVO to process the contract. After complete execution of the contract and full payment of the purchase price, your data will be restricted for further processing and deleted
after expiry of the retention periods under tax and commercial law, unless you
have expressly consented to further use of your data or we reserve the right to
use data beyond this, which is permitted by law and about which we inform you
in this statement.
f. Data analysis
We use the user data of our online shop customers and persons with a customer account, also in the context of data analyses, for market research purposes. In doing so, we pursue the following purposes in particular:
· Classification into different target and user groups within the framework of market research (user segmentation).
· Insights into different target groups and their respective usage habits and shopping interests.
· Gaining insights into the demographics, interests, shopping and usage habits of our users and marketing these insights as part of advertising services provided to third parties.
· The early identification of trends in the cosmetics and online shopping sectors.
· Insights into how our online shop is used (usage analysis).
The user data is first anonymised before further processing for these purposes, so that it is only processed further in the form of summarised, statistical, depersonalised (anonymised) data. For this purpose, the user data is first transferred to our own analysis tool, which is hosted on our own servers. Anonymisation takes place immediately. For the aforementioned data analyses, we use the data that we have anonymised. For example, for analyses of the purchasing behaviour of our users, we use summarised (aggregated), statistical, depersonalised (anonymised) profile data as well as anonymised device and access data in order to be able to track and analyse purchasing processes through data analyses. We thereby gain anonymous information about the general usage behaviour of our users.
We process your data on the basis of a balancing of interests to protect our legitimate interests. Our legitimate interest in
processing data is derived from the purposes described above and, unless
otherwise stated, is of a competitive and economic nature.
The data processing is carried out on the basis of Art. 6 Para. 1 lit. f DSGVO.
4. Microsoft365
We use Microsoft365. As a result, we cannot rule out the possibility that your (sensitive) data may also be transferred outside the European Economic Area and thus outside the material scope of the GDPR or that your (sensitive) data may be accessed, e.g. as part of support by Microsoft or other cloud providers. This applies in particular to the transfer of your (sensitive) data to and access to your (sensitive) data from the USA. There is no unrestricted adequacy decision by the European Commission for the USA. A transfer of your (sensitive) data therefore takes place in accordance with Art. 46 para. 2 lit. c) GDPR generally on the basis of the standard contractual clauses of the European Commission. You can obtain a copy of the passages of the contracts concerning you from us.
5. Cookies – General information
5.1 Information and purposes
We use so-called cookies and similar technologies in some areas on this website (hereinafter generally referred to as "Tools"). Cookies are small text files that are placed on your computer to store certain information and can be stored by your browser. Through such file elements, your computer can be identified as a technical entity during your visit to this website with the same terminal device. During your visit to the website or the next time you visit our website with the same terminal device, the information stored in cookies is sent back either to our
website ("first party cookie") or to another website of a third-party provider to which the cookie belongs ("third party cookie").
The stored and returned information allows the
respective website to recognize that you have already accessed and visited it
with the browser of your end device. Some cookies also enable us to recognize
individual users by means of pseudonyms, e.g. an individual or random IDs, so
that we can offer individual services. In addition, other technologies, such as
local storage or device fingerprinting, may be used by which information from
your terminal device used when visiting our website is read and used for
recognition purposes.
This website uses the following types of tools
· Essential tools
To ensure that the requested service can be provided.
· Functional tools
Additional tools to measure the performance/attractiveness of our website and to provide other additional(personalized) functionalities.
·Statistical tools
Conducting basic analysis and evaluation of the use of our website.
· Marketing tools
Cross-site marketing profiling tools based on your user behavior.
The tools are set by our website or the external services to maintain the full functionality of our website, to improve the user experience and to optimize our web offering or to pursue the purpose stated in your consent.
For the tools we use, we will inform you in the respective sections of the privacy policy whether and how cookies are set and used in each case. You can also find further information on the cookie management platform used on this website.
5.2 Legal basis
The use of tools and any further storage and processing of personal data will only take place with your express consent or if this is absolutely necessary so that you can use the services offered and accessed by you accordingly.
Legal bases are Art. 6 para. 1 lit. f DSGVO (legitimate interest), § 25 para. 2 No. 2 TTDSG or Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a DSGVO (consent), § 25 para. 1 TTDSG. Consent according to Art. 6 para. 1 lit. a DSGVO is also considered consent in the sense of § 25 para. 1 TTDSG for setting the cookie on or reading information from the user's terminal device. Insofar as another legal basis is mentioned according to the DSGVO, the storage or setting of the cookie or the reading out of information is carried out on the basis of the exception according to § 25 para. 2 no. 2 TTDSG.
In the case of tools that are used on the basis of a legitimate interest, it generally applies that our legitimate interest is to ensure the functionality of our website and the services integrated on it (necessary tools). In addition, it may be that the tools increase user-friendliness and enable an optimized design of our web offering. Here, we have weighed your interests against our interests.
With the help of the tools, we can only identify, analyze and track you if you have consented to the use of the tool and your personal data pursuant to Art. 6 (1) lit. a DSGVO, Section 25 (1) TTDSG.
You will be informed which legal basis is relevant for the respective tools below in the respective sections on the tools used.
5.3 Deletion and objection
In addition to tools that are only used during a session and deleted after the website visit ("session cookies"), tools can also be used to store user settings and other information for a certain period of time (e.g. two years) ("permanent cookies"). Details on the deletion periods are listed with the respective tool. Most of the cookies used are so-called "session cookies", which are deleted when you end your browser session.
However, you usually have the option of setting your browser to prevent cookies from being stored on your end device. Cookies that have already been set can be deleted at any time via browser settings. You can find instructions on how to do this in the help function of your browser.
A general objection to cookies used for online advertising can be declared for a large number of the services used on websites within the framework of developed self-regulation programs, e.g. via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ . We would like to point out that
the setting made will be deleted when you delete your cookies
We point out that the exclusion of cookies may lead to functional limitations of the website.
5.4 Essential cookies
In some areas of this website, we use so-called technically essential cookies. Some functions of this website cannot be offered without the use of cookies. Essential cookies help make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
The use of essential cookies on our website is possible without your consent. For this reason, essential cookies cannot be individually disabled or enabled. However, you always have the option to generally disable cookies in your browser (see above). These cookies are automatically deleted after a time defined by us.
On this website, the following cookies are used, which are technically essential for the operation of the website:
Name of cookie |
Provider |
Purpose |
Storage period |
Type |
PHPSESSID |
M&S / CMS |
use in connection with session handling |
session |
essential |
We base the use of cookies on Art. 6 para. 1 letter f) DSGVO as well as § 25 para. 2 No. 2 TTDSG. The processing is carried out to enable the functioning of our website. It is therefore essential to protect our legitimate interests.
6. Essential services
6.1 Usercentrics (CMP Tool)
We use the consent management service of Usercentrics GmbH, Sendlinger
Str. 7, 80331 Munich, Germany ("Usercentrics") on this website for the purpose of consent management.
Data processing purposes
The following list represents the purposes of data collection and processing:
· compliance with legal obligations to obtain consent for data processing
and use of cookies or other technologies, as well as fulfillment of obligations
to provide evidence
· consent storage
Technologies used
Local Storage
Collected data
When using the Service, the following data is collected:
· opt-in and opt-out data
· referrer URL
· user Agent
· user settings
· consent ID
· time of consent
· consent type
· template version
· banner language
Legal basis
The legal basis for the data processing is the fulfillment of legal obligations according to Art. 6 para. 1 s. 1 lit. c DSGVO as well as Art. 25 para. 2 no. 2.
Place of processing
European Union
Retention period
The consent data (consent and revocation of consent) is stored for three
years. The data is then deleted immediately.
Data recipient
Usercentrics GmbH (processor)
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: datenschutz(at)usercentrics.com.
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://usercentrics.com/privacy-policy/
More information about the service
For more information on Usercentrics, please visit: https://usercentrics.com/ .
6.2 Google Tag Manager
We use the tag management system "Google Tag Manager" from Google Ireland Limited, Google Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google") on this website.
Via Google Tag Manager, tags can be integrated centrally via a user interface.
Tags are small sections of code that can track activities. Script codes of
other tools are integrated via the Google Tag Manager. The Tag Manager makes it
possible to control when a particular tag is triggered, which in turn may
collect data. Google Tag Manager does not access this data. If a deactivation
has been made at the domain or cookie level, this remains in place for all
deactivated tracking tags that are implemented with Google Tag Manager.
Data processing purposes
The following list represents the purposes of data collection and processing:
· tag management
Technologies used
· website tags
Collected data
When using the Service, the following data is collected:
· aggregated data about the tag triggering
· the Google Tag Manager does not store any personal data
Legal basis
The legal basis for the data processing is the legitimate interest in the sense of Art. 6 para. 1 lit. f DSGVO as well as Art. 25 para. 2 no. 2 TTDSG.
Place of processing
· European Union and third-party countries
·transmissions to and access from third-party countries are possible. As suitable guarantees for data transmission to the USA, so-called standard contractual clauses pursuant to Art. 46 Bas. 2 lit c DSGVO have been concluded with Google. For third-party countries/companies for which an adequacy decision exists, the adequacy decision pursuant to Art. 46 (1) DSGVO applies. Information on data transfer to third-party countries by Google can also be found under the following link: https://privacy.google.com/businesses/controllerte... .
Retention period
The data is deleted within 14 days after retrieval.
Data recipient
·
Alphabet Inc. (subprocessor)
·
Google LLC (subprocessor)
·
Google Ireland Limited (subprocessor)
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: https://support.google.com/policies/contact/genera...
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?h...
7. Services for functional purposes
7.1 Google Maps
We use the integrated map service "Google Maps" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google") on this website. To make it easier to find the nearest retailer, you have the option of entering your zip code or address.
Data processing purposes
The following list represents the purposes of data collection and processing:
· Show maps Technologies used
· API
Collected data
Information about the use of our website is already collected when those
subpages are called up in which the map from Google Maps is integrated.
When using the Service, the following data is collected:
· date and time of visit
· location information
· IP address
· URL
· usage data
· search terms
· geographic location
This collection of data takes place regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want the assignment with your profile at Google, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Legal basis
The legal basis for data processing is your consent within the meaning
of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by
clicking here and disabling the "Google Maps" service within the "Functional" category.
If you do not agree with the future transmission of your data to the
data recipient in the context of the use of the service, you also have the
option of completely deactivating the service by switching off the JavaScript
application in your browser.
Google Maps and thus also the map display on this website can then not
be used in both cases.
Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/
· European Union and third-party countries
Retention period
The data will be deleted as soon as they are no longer needed for the
processing purposes.
Data recipient
· Alphabet Inc. (subprocessor)
· Google LLC (subprocessor)
· Google Ireland Limited (processor)
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland
Limited on the standard data protection clauses approved by the EU Commission
and therein also agreed on the implementation of appropriate protective
measures for the specific case, which may also include encryption of the data
depending on the need for protection. The transfer of data to the servers in
the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual
clause, can be found here: https://business.safety.google/adscontrollerterms/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: https://support.google.com/policies/troubleshooter...
Privacy policy of the data recipient
Click here to read the privacy policy of the data
recipient: http://www.google.com/intl/de/policies/privacy/
Cookie policy of the data recipient
Click here to read the cookie policy of the data
recipient: https://policies.google.com/technologies/cookies?h...
7.2 Google Fonts
The service „Google Maps“ used by us on this website use so-called web
fonts (hereinafter "Google Fonts") for display, which are provided by
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin 4, Ireland
(hereinafter "Google"). When you call up our website, the browser
loads the required web fonts into the browser cache in order to display texts and
fonts correctly.
If your browser does not support web fonts, a standard font is used by
your computer.
For the above purpose, the browser used must connect to Google's
servers. This gives Google knowledge that our website has been accessed via
your IP address.
Data processing purposes
The following list represents the purposes of data collection and processing:
· provision of fonts for the service „Google Maps“
· improvement of the services
Technologies used
· API
Collected data
When using the Service, the following data is collected:
· IP address
· aggregated usage figures
· font request
· referrer URL
· CSS requests
· user Agent
· browser information
Legal basis
The legal basis for the data processing is your consent within the meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. If you consent to the use of the service "Google Maps", this also includes consent to the Google Fonts.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking here and disabling the service “Google Maps“ within the category "Functional". Because Google Fonts is linked to the service, deactivation is only possible in this way.
Place of processing
· European Union
Retention period
The data will be deleted as soon as they are no longer needed for the
processing purposes.
Data recipient
· Alphabet Inc. (subprocessor)
· Google LLC (suprocessor)
· Google Ireland Limited (processor)
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland
Limited on the standard data protection clauses approved by the EU Commission
and therein also agreed on the implementation of appropriate protective
measures for the specific case, which may also include encryption of the data
depending on the need for protection. The transfer of data to the servers in
the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual
clause, can be found here: https://business.safety.google/adscontrollerterms/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: https://support.google.com/policies/contact/genera...
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?h...
More information about the service
For more information on Google Web Fonts, visit https://developers.google.com/fonts/faq/
7.3 YouTube
We use embedded YouTube videos on this website, which are stored on https://www.youtube.com. They are displayed on our website using a so-called "framing technology" and can be played directly here. The provider of YouTube is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
("Google"). As soon as you play a video, data is transferred to YouTube, a Google company.
Data processing purposes
The following list represents the purposes of data collection and processing:
·show videos
Technologies used
·cookies
YouTube is integrated via the extended privacy mode.
Collected data
When using the Service, the following data is collected:
· device information
· IP address
· referrer URL
· videos viewed
This transmission takes place regardless of whether you have a user
account with YouTube or not.
If you are logged in to a Google user account, your data will be
directly assigned to this account. If you do not wish this, you must log out of
your user account before playing the video.
The data transmitted to YouTube is stored by YouTube in the form of user
profiles and used for advertising and market research purposes and for the
personalized design of their website. With the help of this evaluation, YouTube
can generate demand-optimized advertising (even for users who are not logged
in) and inform other YouTube users about your visit to our portal.
Legal basis
The legal basis for data processing is your consent within the meaning
of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by
clicking here and disabling the "YouTube Video" service within the "Functional" category.
You can object to the above-mentioned creation of user profiles by contacting YouTube.
Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/
· European Union
Retention period
Data are deleted as soon as they are no longer needed for the processing
purposes.
Data recipient
· Alphabet Inc. (subprocessor)
· Google LLC (subprocessor)
· Google Ireland Limited (joint processor)
Disclosure to third-party countries
The collected information is usually transferred to a server of the
service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland Limited
on the standard data protection clauses approved by the EU Commission and
therein also agreed on the implementation of appropriate protective measures
for the specific case, which may also include encryption of the data depending
on the need for protection. The transfer of data to the servers in the USA is
therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual
clause, can be found here: https://business.safety.google/adscontrollerterms/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: https://support.google.com/policies/contact/genera...
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?h...
8. Services for statistical purposes
8.1 Google Analytics
We use "Google Analytics" on this website, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google").
Data processing purposes
On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
The following list represents the purposes of data collection and
processing:
- Statistics in order to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you. In addition, we receive information about the functionality of our website (for example, to detect navigation problems).
Technologies used
· Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site.
· Pixel
· JavaScript
· device fingerprint
Collected data
When using the Service, the following data is collected:
· click path
· date and time of visit
· device information
· location information
· IP address (We would like to point out that on this website Google Analytics has been extended by the code "gat. anonymizeIp();" to ensure anonymized collection of IP addresses (so-called IP masking)).
·visited pages
· referrer URL
· browser information
· host name
· browser language
· browser type
· screen resolution
· device operating system
· interaction data
· user behavior
· visited URL
We also use the "demographic characteristics and interests" function of Google Analytics, which enables us to obtain reports on age, gender and interest categories. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers and cannot be assigned to any specific person.
We have adjusted the configuration of Google Analytics so that only the
website analysis function is used, unless separate consent has been given for
the advertising functions.
Legal basis
The legal basis for data processing is your consent within the meaning
of Art. 6 Para. 1 lit. a DSGVO and § 25 Para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking here and disabling the services " Google Analytics" and "Google Analytics 4" within the category "Statistics".
You can also prevent the collection of data generated by the cookie and
related to your use of the website (including your IP address) to Google and
the processing of this data by Google by downloading and installing the browser
plug-in available at the following link (http://tools.google.com/dlpage/gaoptout?hl=de).
You can deactivate the above-mentioned "demographic characteristics
and interests" function at any time via the ad settings in your Google
account or generally prohibit the collection of your data by Google Analytics.
Click here to revoke on all domains of the processing company: https://safety.google/privacy/privacy-controls/
·European Union and third-party countries
Retention period
The deletion of Analytics data and set cookies is set to 14 months for
Google Analytics Universal and 2 months for Google Analytics 4 Property.
Data recipient
· Alphabet Inc.(subprocessor)
· Google LLC (subprocessor)
· Google Ireland Limited (processor)
When configuring Google Analytics, care was taken to ensure that Google
receives this data as a processor and is therefore not allowed to use this data
for its own purposes. The configuration of the "Google Analytics
advertising functions" is independent of this and is described separately
in the corresponding sections, insofar as these are also used on this website.
Disclosure to third-party countries
The information collected is generally transferred to a server of the
service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland
Limited on the standard data protection clauses approved by the EU Commission,
and in these clauses we have also agreed on the implementation of appropriate
protective measures for the specific case, which may also include encryption of
the data, depending on the level of protection required. The transfer of data
to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual
clause, can be found here: https://business.safety.google/adscontrollerterms/
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: https://support.google.com/policies/contact/genera...
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?h...
9. Services for marketing purposes
9.1 Google Ads Conversion Tracking
We use "Google Ads Conversion Tracking" on this website. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (hereinafter "Google").
When you click on an ad placed via Google, a cookie is set for conversion tracking. Cookies are small text files that the internet browser stores on the user's computer.
With the help of Google Ads Conversion Tracking, Google and we can
recognize whether you have performed certain actions on the website. For
example, we can evaluate which buttons on our website were clicked how often
and which products were viewed or purchased particularly frequently. This
information is used to create conversion statistics. We learn the total number
of users who clicked on our ads and what actions they took. We do not receive
any information with which we can personally identify the user. Google itself uses
cookies or comparable recognition technologies for identification.
Data processing purposes
The following list represents the purposes of data collection and processing:
· conversion tracking
· analysis
· measuring the success of marketing campaigns
Technologies used
· cookies
· tracking pixel
· tracking code
Collected data
When using the Service, the following data is collected:
· browser language
· browser type
· clicked ads
· cookie ID
· date and time of visit
· IP address
· referrer URL
· web request
· user behavior
Legal basis
The legal basis for the data processing is your consent within the
meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by
clicking here and disabling the "Google Ads Conversion Tracking" service within the "Marketing" category.
You can disable Google interest-based ads on Google in your browser by
activating the "Off" button at https://adssettings.google.de/authenticated or by deactivating them at http://www.aboutads.info/choices /.
Click here to revoke on all domains of the processing company https://safety.google/privacy/privacy-controls/
· European Union and third-party countries
Retention period
The data will be deleted as soon as they are no longer needed for the
processing purposes.
Data recipient
· Google Ireland Limited
· Google LLC
· Alphabet Inc
There is a joint responsibility regarding the data processing in connection with Google Ads Conversion between Google and us according to Art. 26 DSGVO. We have agreed with Google that the primary responsibility under the GDPR for the processing of the data will be assumed by us and that we will fulfill all obligations under the GDPR with regard to the processing of the data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR).
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Google Ireland Limited on the standard data protection clauses approved by the EU Commission, and in these clauses we have also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO. Details on data processing, which comply with the standard contractual clause, can be found here: https://business.safety.google/adsprocessorterms/.
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: https://support.google.com/policies/troubleshooter...
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policies.google.com/privacy?hl=en
Cookie policy of the data recipient
Click here to read the cookie policy oft the data recipient: https://policies.google.com/technologies/cookies?h...
9.2 Facebook Pixel
We use the visitor action pixel "Facebook Pixel" from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland (hereinafter "Facebook") on this website for the purpose of conversion measurement.
With the help of the Facebook Pixel, your behavior on our website can be
tracked after you have been redirected to our website by clicking on a Facebook
ad. This allows us to evaluate the effectiveness of our Facebook ads for
statistical and market research purposes and to optimize our future advertising
efforts.
The data collected is anonymous for us as the operator of this website,
we cannot draw any conclusions about your identity. However, the data is stored
and processed by Facebook, so that a connection to the respective user profile
is possible and Facebook can use the data for its own advertising purposes, in
accordance with the Facebook Data Use Policy. This allows Facebook to enable
the placement of advertisements on Facebook pages as well as outside of
Facebook. This use of the data cannot be influenced by us as the website
operator.
Furthermore, the website uses the remarketing function "Custom
Audiences" to be able to address you again within 6 months. This enables
us to display interest-based advertisements ("Facebook Ads") to you
following your visit to our website in the context of your visit to the social
network Facebook or other websites that also use this procedure. In this way,
we pursue the interest of showing you advertising that is of interest to you in
order to make our website more interesting for you. The use of our website by
you takes place without us being able to draw conclusions about you as a
person. It is therefore completely anonymous.
Due to the marketing tools used, your browser automatically establishes
a direct connection with the Facebook server. We have no influence on the scope
and further use of the data collected by Facebook through the use of this tool
and therefore inform you according to our state of knowledge: Through the
integration of Facebook Custom Audiences, Facebook receives the information
that you have accessed the corresponding web page of our website, or clicked on
an ad from us. If you are registered with a Facebook service, Facebook can
assign the visit to your account. Even if you are not registered with Facebook
or have not logged in, it is possible that the provider will learn and store
your IP address and other identifying features.
Data processing purposes
The following list represents the purposes of data collection and processing:
· analysis
· marketing
· retargeting
· advertising
· conversion tracking
· personalization
Technologies used
· cookies
· pixel
Collected data
When using the Service, the following data is collected:
· viewed advertisements
· viewed content
· device information
· geographic location
· HTTP header
· interactions with advertisements, services and products
· IP address
· clicked items
· marketing information
· Pages visited
· pixel ID
· referrer URL
· usage data
· user behavior
· facebook cookie information
· facebook user ID
· usage/click behavior
· browser information
· device operating system
· device ID
· user Agent
·browser type
Legal basis
The legal basis for data processing is your consent within the meaning
of Art. 6 Para. 1 lit. a DSGVO and Art. 25 Para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the service by clicking here and deactivating the service "Facebook Pixel" within the category "Marketing".
If you wish to object to the use of Facebook website Custom Audiences,
you can do so at https://www.facebook.com/ads/Webseite_custom_audiences/.
Deactivation of the "Facebook Custom Audiences" function is
available for logged-in users at https://www.facebook.com/settings/?tab=ads#.
If you do not have a Facebook account, you can deactivate usage-based
advertising from Facebook on the website of the European Interactive Digital
Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanag...
· European Union and third countries
Retention period
User interactions recorded on the websites are stored for no longer than
two years. However, the data will be deleted as soon as they are no longer
needed for the purposes of processing.
Data recipient
· Meta Platforms Ireland Ltd.
· Meta Platforms Inc.
We share responsibility with Facebook for the collection and transfer of
data as part of this process. This applies for
the following purposes:
· the creation of individualized or suitable advertisements, as well as
for their optimization
· the delivery of commercial and transactional messages (e.g., via
Messenger).
The following processing operations are therefore not included in the
joint processing:
· processing that occurs after collection and transmission is the sole
responsibility of Facebook
The creation of reports and analyses in aggregated and anonymized form
is carried out as part of commissioned processing and is therefore our
responsibility.
For joint responsibility, we have concluded a corresponding agreement
with Facebook, which can be accessed here: https://www.facebook.com/legal/controller_addendum. This sets out the respective responsibilities for fulfilling the obligation under the DSGVO with regard to shared responsibility.
The contact details of the responsible company, as well as Facebook's
data protection officer, are available here: https://www.facebook.com/about/privacy.
We have agreed with Facebook that Facebook can be used as a point of
contact for the exercise of data subject rights (see section 1.3.). This is
without prejudice to the competence of the data subject rights.
Disclosure to third-party countries
The collected information is usually transferred to a server of the
service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Meta Platforms
Ireland Ltd on the standard data protection clauses approved by the EU
Commission and therein also agreed on the implementation of appropriate
protective measures for the specific case, which may also include encryption of
the data depending on the need for protection. The transfer of data to the
servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual
clause, can be found here: https://www.facebook.com/legal/EU_data_transfer_ad...
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: https://www.facebook.com/help/contact/540977946302...
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://www.facebook.com/privacy/explanation
On this website, we use the conversion tracking technology "Pinterest Tag" of Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, United States of America (hereinafter "Pinterest"), which enables us to display relevant advertisements and offers on Pinterest to our website visitors who are already interested in our website and our content / offers and are Pinterest members.
For this purpose, a so-called conversion tracking pixel from Pinterest
is integrated on our pages, via which Pinterest is informed when you visit our
website that you have accessed our website and in which parts of our offer you
were interested.
If, for example, you were interested in our products on our website, you
may be shown an ad for our products on Pinterest.
Data processing purposes
The following list represents the purposes of data collection and processing:
· analysis
· conversion tracking
· targeting
· measuring the success of the marketing campaigns Technologies used
· website tags
Collected data
When using the Service, the following data is collected:
· viewed ads
· click path
· clicked ads
· cookie information
· crash data
· date and time of visit
· device identifier
· device information
· device operating system
· geographic location
· IP address
· settings
· search terms
· third party information
· visited websites
· browser settings
Legal basis
The legal basis for the data processing is your consent within the
meaning of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG.
Deactivate data processing
You can prevent future data collection and execution of the Service by
clicking here and disabling the "Pinterest Tags"
service within the "Marketing" category.
You can also disable the collection of data for the display of interest-based advertising on Pinterest at any time in your account settings on Pinterest at https://www.pinterest.de/settings (there, under "Customization", disable the button "Use info from our partners to better tailor recommendations and ads on Pinterest") or at https://help.pinterest.com/de/article/personalizat... (there, disable the checkbox under "Customization").
Place of processing
· European Union
· United States of America
Retention period
Data are deleted as soon as they are no longer needed for the processing
purposes.
Data recipient
· Pinterest Inc.
Disclosure to third-party countries
The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Pinterest Inc. on the standard data protection clauses approved by the EU Commission and therein also agreed on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual
clause, can be found here: https://business.pinterest.com/de/pinterest-advert...
Data protection officer of the data recipient
Below you will find the e-mail address of the data protection officer of
the data recipient: privacy-support@pinterest.com
Privacy policy of the data recipient
Click here to read the privacy policy of the data recipient: https://policy.pinterest.com/en-gb/privacy-policy
10. Other Services
10.1 Affiliate Programme und Affiliate-Links
We include so-called affiliate links or other references (which may include, for example, search masks, widgets or discount codes) to the offers and services of us or third-party providers on this website in connection with our online offer (collectively referred to as "affiliate links"). If you follow the Affiliate Links or subsequently take advantage of the offers, we may receive a commission or other benefits from the providers of the Affilliate Programs (collectively,
"Commission").
In order to be able to track whether you have taken
advantage of the offers of an affiliate link used by us, it is necessary that
the respective providers learn that users have followed an affiliate link used
within our online offer. The assignment of the affiliate links to the
respective business transactions or to other actions (e.g. purchases) serves
the sole purpose of commission accounting and will be cancelled as soon as it
is no longer necessary for the purpose.
For the purposes of the aforementioned assignment of the affiliate links, the affiliate links may be supplemented by certain values that are a component of the link or may be stored elsewhere, e.g. in a cookie. The values may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online
identifier of the user.
a. Amazon affiliate program
We participate in the Amazon EU affiliate program of Amazon EU SARL, Niederlassung Deutschland, Marcel-Breuer-Str. 12, 80807 Munich, Germany (Amazon). On our pages are integrated by Amazon advertisements and links to the site of Amazon.de, from which we can earn money through advertising reimbursement. Amazon uses cookies to track the origin of orders. This allows Amazon to recognize that you have clicked the partner link on our website.
The legal basis for this processing is your consent in accordance with Art. 6 para. 1 p. 1 lit. af) DSGVO and § 25 para. 1 TTDSG.The collected information is usually transferred to a server of the service provider in the USA and stored there.
For the transfer of data to the USA, we have agreed with Amazon on the standard data protection clauses approved by the EU Commission and also agreed therein on the implementation of appropriate protective measures for the specific case, which may also include encryption of the data depending on the need for protection. The transfer of data to the servers in the USA is therefore based on Art. 46 (2) c) DSGVO.
Details on data processing, which comply with the standard contractual clause, can be found here: https://www.amazon.de/gp/help/customer/display.htm...
For more information about Amazon's use of data, please see Amazon's privacy policy: https://www.amazon.de/gp/help/customer/display.htm... .
b. AWIN
We use the affiliate program of AWIN AG, Eichhornstraße 3, 10785 Berlin (hereinafter "AWIN") on this website in the form of text links, image links, advertising banners or input masks.
AWIN uses so-called "cookies". These are text files that are stored
on your computer and enable an analysis of the use of the website. AWIN also
uses so-called web beacons. These are invisible graphics used to collect
information. Through these web beacons, visitor traffic on these pages can be
analyzed. The information generated by cookies and/or web beacons about the use of this website and delivery of advertising formats is transmitted to a server
of AWIN and stored there. AWIN will use this information for the purpose of
evaluating your use of the website in relation to the advertisements, compiling
reports on website activity and advertising for website operators, among other
things. Awin can process the remuneration (i.e. commission payments) through
this evaluation and allocation. For this purpose, data such as a transaction
ID, order number, order date, publisher, net merchandise value and the
advertising medium used are transmitted.
The legal basis for this processing is your consent in accordance with
Art. 6 para. 1 p. 1 lit. f) DSGVO and § 25 para. 1 TTDSG.
If you do not wish these cookies to be stored, you can also deactivate
the acceptance of these cookies in your internet browser. You can delete the
cookies on your hard drive at any time. Alternatively, you can also deactivate
Awin cookies via this link: https://www.awin.com/de/rechtliches/optout.
11. SSL or TLS encryption
We use SSL or TLS encryption on this website for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
12. Retention period
Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its
intended purpose and the deletion does not conflict with any statutory
retention obligations. If the data is not deleted because it is required for
other and legally permissible purposes, its processing will be restricted. I.e.
the data is blocked and not processed for other purposes. This applies, for
example, to data that must be retained for reasons of commercial or tax law.
13. Data Subject Rights
The following data subject rights can be asserted both with Mann & Schröder Cosmetics (e.g. by e-mail to marketing(at)mann-schroeder.de) and with Schröder Cosmetics (e.g. by e-mail to marketing(at)schroeder-cosmetics.de). Data subjects will generally receive the information from the office where the rights were asserted.
a. Right to information
You have the right to request confirmation from us as to whether personal data concerning you is being processed. If necessary, we will inform the other company immediately of any legal positions asserted by data subjects. You will provide each other with all information necessary to respond to requests for information.
b. Correction/deletion/restriction of processing
Furthermore, you have the right to demand from us that
· inaccurate personal data concerning you be corrected without delay (right to rectification);
· personal data concerning you be deleted without delay (right to erasure); and
· the processing be restricted (right to restriction of processing).
c. Right to data portability
You have the right to receive personal data concerning you that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller.
d. Right of withdrawal
You have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
e. Right of objection
If the processing of personal data concerning you is necessary for the performance of a task carried out in the public interest (Art. 6(1)(e) DSGVO) or for the protection of our legitimate interests (Art. 6(1)(f) DSGVO), you have the right to object.
f. Right of appeal
If you believe that the processing of personal data concerning you is in breach
of the DSGVO, you have the right to lodge a complaint with a supervisory
authority, without prejudice to other legal remedies.
14. Responsible Company
The
Mann & Schröder GmbH
Bahnhofstrasse 14
74936 Siegelsbach / Germany
Phone: +49 7264 7002-0
Fax: +49 7264 7002-777
E-mail: info(at)mann-schroeder.de
and the
Schröder Cosmetics GmbH & Co KG
Mann & Schröder Str. 1
74928 Hüffenhardt
Phone: +49 7264 7002-0
Fax: +49 7264 7002-777
E-mail: info(at)schroeder-cosmetics.de
are jointly responsible for the described processing of personal data within the meaning of Art. 4 (7) GDPR and Art. 26 GDPR.
The parties have jointly determined the purposes and means of data processing. They are therefore jointly responsible for the protection of your personal data within the process stages described below (Art. 26 GDPR).As part of their joint responsibility under data protection law, Party 1 and Party 2 have agreed which of them will fulfill which obligations under the GDPR. This applies in particular to the exercise of the rights of the data subjects and the fulfillment of the information obligations pursuant to Articles 13 and 14 GDPR. Even if there is joint responsibility, we fulfill the data protection obligations according to the respective responsibilities as follows: The data collection on a website is carried out by the company specified in the respective legal notice. The data will subsequently be processed by the company if you have given your consent or if this is necessary for contractual purposes or the implementation of pre-contractual measures or to safeguard the legitimate interests of the respective company. Each company shall make the information required under Art. 13 and 14 GDPR available to the data subjects free of charge in a precise, transparent, comprehensible and easily accessible form in clear and simple language. Each party shall provide the other party with all necessary information from its sphere of activity.
Certain processing operations may be carried out under the responsibility of other companies. This is indicated under the respective descriptions of the processing, if this is the case.
15. Our data protection officer
If you have any questions on the subject of data protection, please do not hesitate to contact our data protection officer:
Mr. Michael Egenberger
E-Mail: datenschutz(at)mann-schroeder.de
16. Data recipient
Unless expressly stated in this paragraph or above in the description of the individual processing operations, your personal data will not be disclosed to third parties or other recipients.
For the provision (hosting) and for the content-related as well as
technical operation of our website, we u e the services of external service providers. The personal data collected on this website is stored on the hoster's servers and can be viewed by our technical service provider. This may
include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via the website. The use of the external service providers is in the interest of a secure, fast and efficient provision of our website by a professional provider. The external service providers will only process your data to the extent necessary to fulfill their performance obligations to us and will follow our instructions regarding the data processed for these purposes.
We have concluded a contract with each of the service providers used regarding commissioned processing in accordance with Art. 28 DSGVO.
We reserve the right, in the event of a legal obligation, to disclose information about you if the disclosure is required of us by lawfully acting authorities or law enforcement bodies. The legal basis is Art. 6 (1) c) DSGVO
(legal obligation).
17. Change of the privacy policy
We reserve the right to adapt this data protection declaration in the event
of any changes to the legal situation, the service offered on the website and
the data processing. However, this only applies with regard to declarations on
data processing. If your consent is required or components of the data
protection declaration contain provisions of the contractual relationship with
you, the changes will only be made with your consent.
You can regularly inform yourself about any changes in this data protection
declaration.
Status: March 2024