This privacy policy provides information about the processing of personal data on the website of Szaidel Cosmetic GmbH, represented by the Managing Director Thorsten Molter, Fabrikstraße 9, D-66892 Bruchmühlbach-Miesau, Tel.: +49 6372 9122-0, Fax: +49 6372 9122-80, www.szaidel-cosmetics.de.

 

Data Protection Officer:

You can reach our Data Protection Officer
by post at:

Telekom MMS GmbH

Postfach 10 02 24

01072 Dresden

via email at:
datenschutz@szaidel-cosmetics.de

OUR PRIVACY INFORMATION

Accessing the website

When you access our website, www.szaidel-cosmetics.de, the internet browser used by the user will automatically send data to the server of this website and store it temporarily in a log file. Until it is erased automatically, the following data shall be saved without any further input from the user:

- The IP address of the user’s device,

- The date and time of access by the user,

- The name and URL of the webpage accessed by the user,

- The website from which the user reached our company website (known as the referrer URL),

- The browser and operating system of the user’s device, as well as the name of the access provider used by the user.

The processing of your personal data is justified in accordance with point (f) of Art. 6(1) GDPR. The company has a legitimate interest in the data processing for the following purposes:

- To establish the connection to the company website promptly,

- To enable a user-friendly experience of the website,

- To identify and ensure the security and stability of the systems and

- To simplify and improve the administration of the website.

Processing does not take place exclusively for the purpose of obtaining information about the user of the website.

Contact form

Visitors may send messages to the company via an online contact form on the website. In order that they may receive a response, the user must specify a least a valid email address. All other information may be provided voluntarily by the person sending the query. By sending the message via the contact form, the user consents to the processing the personal data sent. Data processing shall take place exclusively for the purpose of processing and responding to queries via the contact form. This takes place on the basis of the consent issued voluntarily in accordance with point (a) of Art. 6(1) GDPR. The personal data collected for the use of the contact form is automatically erased once the query has been completed and if there are no reasons to continue storing it (e.g. subsequent commissioning of our company).

Privacy policy for our Facebook fanpage

At the web address www.facebook.com/szaidelcosmetics/, we operate an official website of our company, and are jointly responsible for it with the social network Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

You can view the joint responsibility agreement via this link: www.facebook.com/legal/terms/page_controller_addendum.

In accordance with this agreement, Facebook Ireland assumes the primary responsibility for the Insights data and undertakes to fulfill all obligations under GDPR with regard to the processing of the Insights data.

The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the legal provisions and in compliance with the relevant data protection regulations.

1. Purposes of processing

We use this summarized data on Facebook to make our posts and activities on our Facebook page more attractive to users. We use, for example, the categories “age” and “gender” to personalize the form of address and we use the preferred visiting times of the users for an optimal planning of our posts. Information about the type of devices used by visitors help us to adapt the visual design of our posts. In accordance with the Facebook terms of use, which every user agreed to when creating a Facebook profile, we can identify the subscribers and fans of the page and their profiles, as well as view further information shared by them.

According to its own statements, Facebook uses the information to provide and support the Facebook products and associated services described in the Facebook terms of use and the Instagram terms of use. You can find more information at https://www.facebook.com/privacy/explanation

2. Processing of data

2.1 Cookies

In the moment that you access our fanpage, your browser establishes a connection with Facebook and transfers information. Among other things, the following data is transferred:

For users who are not registered with Facebook or logged in to their Facebook account:

IP address: when you access a fanpage, Facebook automatically identifies the IP address of the user.

Cookies, small text files, which are stored on the various devices of the users. When you access our fanpage, cookies are stored. According to its own statements, Facebook uses these cookies to identify the web browser which establishes the connection with the Facebook website, and for the purposes of marketing, analysis, the generation of personal advertising, creation of user profiles and for market research.

For visitors who are registered with Facebook and logged in to their Facebook account:

IP address: in the case of logged-in visitors, Facebook also identifies the IP address of the user (see above

Cookies: a cookie is stored in this case too (see above). If you are a member of Facebook and are logged in to your Facebook profile at the same time as your visit to our “fanpage”, a further cookie is also activated. Facebook links the visit to our “fanpage” with your personal user account. This enables Facebook to track your user behavior in that the storage and analysis of data may take place across various devices. You can find more information in the Facebook cookie policy www.facebook.com/policies/cookies/.

2.2 Facebook lnsights

The operators of the “fanpage” can retrieve various categories of statistical data via “Insights” on the Facebook website. These statistics are generated and provided by Facebook. We cannot switch off this function or prevent the generation and processing of the data. You can find more information via the following link:

www.facebook.com/business/help/144825579583746

Facebook provides us with the following data collected during a selected period and relating to the respective categories “fans”, “subscribers”, “persons reached” and “interactive persons”:

Total number of page views, “likes”, webpage activities, post interactions, reach, video views, reach of posts, comments, shared content, responses, number of males and females, origin in terms of country and city, language, views and clicks in the shop, clicks in the route planner, clicks on telephone numbers. Facebook also provides data regarding the Facebook groups which are linked to our Facebook page.

As Facebook continually develops, the availability and processing of the data changes, and so we therefore refer you to the privacy policy of Facebook: www.facebook.com/about/privacy/

3. Legal basis

The legal basis for the operation of this website and the processing of your data is point (f) of Art. 6(1) GDPR in conjunction with Art. 26 GDPR, and takes place on the basis of our legitimate interest. Please be aware of the risks associated with the transfer of data to third countries. The legal basis for the storage of absolutely necessary information in the equipment of the end user or access to existing information on the equipment of the end user is Section 25 Paragraph 2 TTDSG (Data protection legislation covering telecommunications and telemedia).

4. Transmission of data abroad

According to its own statements, Facebook shares information obtained both internally between Facebook companies as well as with external partners. The obtained information is transferred from Facebook Ireland to the USA and other third countries.

According to Facebook’s own statements, transfers to third countries take place on the basis of the Standard Contractual Clauses approved by the European Commission and, if applicable, the adequacy decisions enacted by the European Commission.

5. Rights of the data subject and/or user

You have the right to

• Obtain information on the categories of the processed data, purposes of processing, any recipients of the data, the intended storage period (Art. 15 GDPR);

• The rectification or completion of incorrect or incomplete data (Art. 16 GDPR);

• Withdraw any issued consent at any time effective for the future (Art. 7(3) GDPR);

• Object, on grounds relating to your particular situation, to data processing which is to take place based on a legitimate interest (Art. 21(1) GDPR).;

• The erasure of data in specific cases within the framework of Art. 17 GDPR – in particular insofar as the data is no longer required for the intended purpose or is processed unlawfully;

• The restriction of data, under certain preconditions, provided the erasure of data is not possible or the obligation of erasure is contentious (Art. 18 GDPR);

• Data portability, i.e. you may obtain the data which you have provided to us in a common, machine-readable format such as CSV and, if applicable, to have this transferred to another party (Art. 20 GDPR).

You can exercise your rights as a user of Facebook under the following web addresses, among others:

www.facebook.com/settings (for logged-in users)

www.facebook.com/help/contact/1994830130782319

www.facebook.com/help/contact/540977946302970

www.youronlinechoices.com/de/praferenzmanagement/

6. Contact options

As only Facebook has complete access to the user data, we recommend that you contact Facebook directly if you would like to request information or have other questions about your rights. If you require further support, you may contact us at any time.

Privacy policy for our LinkedIn fanpage

The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the legal provisions and in compliance with the relevant data protection regulations.

In this privacy policy, we provide information about data processing on our company webpage on the social network LinkedIn.

 

1. Purposes of processing

We use this summarized data on LinkedIn to make our posts and activities on our LinkedIn page more attractive to users. We use, for example, the categories “age” and “gender” to personalize the form of address and we use the preferred visiting times of the users for an optimal planning of our posts. Information about the type of devices used by visitors help us to adapt the visual design of our posts. In accordance with the LinkedIn terms of use, which every user agreed to when creating a LinkedIn profile, we can identify the subscribers and fans of the page and their profiles, as well as view further information shared by them.

2. Processing of data

We would like to make you aware that we have no influence on the data processing operations carried out by LinkedIn for the data collected from you when you visit our social networks. 

3. Legal basis

The legal basis for the operation of this website and the processing of your data is point (f) of Art. 6(1) GDPR, and takes place on the basis of our legitimate interest. Please be aware of the risks associated with the transfer of data to third countries. The legal basis for the storage of absolutely necessary information in the equipment of the end user or access to existing information on the equipment of the end user is Section 25 Paragraph 2 TTDSG (Data protection legislation covering telecommunications and telemedia).

3. Transmission of data abroad

According to its own statements, LinkedIn transfers information obtained to the USA and other third countries.

The data transfer to the USA is supported by the Standard Contractual Clauses of the EU Commission. You can find details here: www.linkedin.com/legal/l/dpa und www.linkedin.com/legal/l/eu-sccs. You can find more information in the LinkedIn privacy policy at www.linkedin.com/legal/privacy-policy.

According to LinkedIn’s own statements, transfers to third countries take place on the basis of the Standard Contractual Clauses approved by the European Commission and, if applicable, the adequacy decisions enacted by the European Commission.

4. Rights of the data subject and/or user

You have the right to

• Obtain information on the categories of the processed data, purposes of processing, any recipients of the data, the intended storage period (Art. 15 GDPR);

• The rectification or completion of incorrect or incomplete data (Art. 16 GDPR);

• Withdraw any issued consent at any time effective for the future (Art. 7(3) GDPR);

• Object, on grounds relating to your particular situation, to data processing which is to take place based on a legitimate interest (Art. 21(1) GDPR).;

• The erasure of data in specific cases within the framework of Art. 17 GDPR – in particular insofar as the data is no longer required for the intended purpose or is processed unlawfully;

• The restriction of data, under certain preconditions, provided the erasure of data is not possible or the obligation of erasure is contentious (Art. 18 GDPR);

• Data portability, i.e. you may obtain the data which you have provided to us in a common, machine-readable format such as CSV and, if applicable, to have this transferred to another party (Art. 20 GDPR).

5. Contact options

As only LinkedIn has complete access to the user data, we recommend that you contact LinkedIn directly if you would like to request information or have other questions about your rights. If you require further support, you may contact us at any time.

Storage of data

When you enter into a contract, the data communicated by you (your email address, salutation, name, postcode, company/institution, address and telephone number) are stored by us. We may process the data provided by you in order to contact you for customer satisfaction surveys or to send you emails with technical information. This contact is based on point (f) of Art. 6(1) GDPR in conjunction with Recital 47 GDPR (Direct marketing as a legitimate interest of Szaidel Cosmetics GmbH). You may object to the processing of your data for marketing purposes at any time by emailing datenschutz@szaidel-cosmetics.de at no further cost other than the transfer costs which are incurred according to the base rates. We shall erase the data collected in this context once its storage is no longer required, or restrict processing if there are statutory retention obligations.

Forwarding of data

Personal data is forwarded to third parties if

- the data subject expressly consented to this in accordance with point (a) of Art. 6(1) GDPR.

- the forwarding is necessary in order to assert, exercise or defend legal claims in accordance with point (f) of Art. 6(1) GDPR and there is no reason to assume that the data subject has an overriding legitimate interest in the non-disclosure of their data.

- there is a legal obligation for the data transfer in accordance with point (c) of Art. 6(1) GDPR and/or

- this is necessary for the fulfillment of a contractual relationship with the data subject in accordance with point (b) of Art. 6(1) GDPR.

In other cases, personal data is not forwarded to third parties.

Your rights as data subject

If your personal data is processed during the visit to our website, you have the following rights as the “data subject” within the meaning of GDPR:

 

Information

You may request information about whether your personal data is processed by us. There is no right to information if the issue of the desired information must be kept secret for other reasons, in particular due to an overriding legitimate interest of a third party. Deviating from this, an obligation to issue the information may exist if your interests override the interests of confidentiality with particular consideration of impending damages. Furthermore, the right to information is ruled out if the data is only stored because it may not be erased based on statutory retention periods or is used exclusively for purposes of data backup or data protection checks, if the issue of information would require disproportionate effort and the processing for other purposes is ruled out by way of suitable technical and organizational measures. If, in your case, the right to information is not ruled out and your personal data is processed by us, you may request information about the following details from us:

- Purposes of processing,

- Categories of your personal data being processed,

- Recipients or categories of recipients to whom your personal data is disclosed, in particular in the case of recipients in third countries,

- If possible, the planned duration for which your personal data is to be stored or, if this is not possible, the criteria for determining the storage duration,

- The existence of a right to rectification or erasure or restriction of processing of your personal data, or a right to object against this processing,

- The existence of a right to complain to a supervisory authority for data protection,

- If the personal data has not been collected from you as the data subject, the available information about the origin of the data,

- If applicable, the existence of automated decision-making including profiling and detailed information about the logic and scope and the desired effects of the automated decision-making.

- If applicable, in the case of transfer to recipients in third countries, provided there has been no decision from the EU Commission about the adequacy of the level of protection in accordance with Art. 45(3) GDPR, information about which suitable guarantees in accordance with Art. 46(2) GDPR are intended for the protection of the personal data.

 

Rectification and completion

If you establish that we have incorrect personal data about you, you may request that we correct this incorrect data without undue delay. In the case of incomplete personal data about yourself, you may request that this is completed.

 

Erasure

You have the right to erasure (“the right to be forgotten”) provided the processing is not necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation or for completing a task in the public interest, and one of the following reasons applies:

 

- The personal data is no longer necessary for the purposes for which it was processed.

- The basis of justification for the processing was exclusively your consent, which you have withdrawn.

- You have lodged an objection against the processing of your personal data which we have made public.

- You have lodged an objection against the processing of personal data which was not made public by us, and there are no overriding legitimate reasons for the processing.

- Your personal data has been unlawfully processed.

- The erasure of the personal data is required for the fulfillment of a legal obligation.

In the case of lawful, non-automated data processing, there is no claim to erasure if the erasure is not possible, or only possible with a disproportionate effort due to the particular type of storage, and your interest in the erasure is low. In this case, restriction of processing takes the place of erasure.

 

Restriction of processing

You have the right to request the restriction of processing from us, where one of the following reasons applies:

- You contest the accuracy of the personal data. In this case, the restriction can be requested for the period which allows us to review the accuracy of the data.

- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead.

- We no longer need the personal data for the purposes of the processing, but it is required for the assertion, exercise or defense of legal claims.

- You have lodged an objection in accordance with Art. 21(1) GDPR. The restriction of processing can be requested for as long as it has not yet been determined whether our legitimate reasons override your reasons.

Restriction of processing means that the personal data may only be processed with your consent or in order to assert, exercise or defend legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We must inform you before we lift the restriction of processing.

 

Data portability

You have the right to data portability to the extent that the processing is based on your consent (point (a) of Art. 6(1) or point (a) of Art. 9(2) GDPR) or on a contract to which you are a party and the processing takes place by way of an automated process. In this case, the right to data portability includes the following rights, provided the rights and freedoms of other persons are not impaired by these: you may request that you obtain from us the personal data that you have provided to us in a structured, common and machine-readable format. You have the right to transfer this data to another controller without hindrance on our part. Provided this is technically feasible, you may request that we transfer your personal data directly to another controller.

Objection

If the processing is based on point (e) of Art. 6(1) GDPR (carried out in the public interest or in the exercise of official authority) or on point (f) or Art. 6(1) GDPR (legitimate interest of the controller or a third party), you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data. This also applies to profiling supported by point (e) or (f) of Art. 6(1) GDPR. Once you have exercised your right to object, we shall no longer process your personal data unless we can prove compelling and legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing is necessary for the assertion, exercise or defense of legal claims.

 

You may object to the processing of your personal data for purposes of direct marketing at any time. This also applies to profiling which is connected with such direct marketing. Once you have exercised this right to object, we shall no longer use the affected personal data for the purposes of direct marketing.

You have the option of communicating the objection to us informally via telephone, email, fax or to our company’s postal address specified at the start of this privacy policy.

 

Withdrawal of consent

You have the right to withdraw any issued consent at any time effective for the future. The withdrawal may be communicated informally via telephone, email, fax or via our postal address. The withdrawal does not affect the legality of the data processing which took place on the basis of the consent before it was withdrawn. Once the withdrawal is received, the data processing which is based exclusively on your consent shall be stopped.

 

Complaints

If you are of the opinion that the processing of your personal data is unlawful, you may lodge a complaint with a supervisory authority for data protection responsible for the place of which you are a resident or in which you work, or in the place of the suspected violation.

Data and update status of this privacy policy

This privacy policy is dated May 9, 2023. We reserve the right to update the privacy policy in due course in order to improve data protection and/or adapt it to changed administrative practice or jurisprudence.