We, Atout Cosmetics GmbH (hereinafter referred to as “we” or “Atout Cosmetics”), appreciate your interest in our company. We take the protection of your personal data and its confidential treatment very seriously. Your personal data is processed exclusively within the framework of the statutory provisions of the data protection law of the European Union, in particular, the General Data Protection Regulation (hereinafter “DSGVO”) and the other applicable regulations.
1. Name and contact details of the data controller
Atout Cosmetics GmbH
22880 Wedel, Germany
Telephone: +49 (0)40 429 336 77 – 0
We have appointed a data protection officer for our company:
80802 München, Germany
2. Subject of data protection
The subject of data protection is “personal data”. This is any information relating to an identified or identifiable natural person (so-called data subject). This includes, for example, details such as name, postal address, e-mail address, or telephone number.
Specific information on the personal data we process in each case can be found below in the data processing operations listed in detail.
3. Collection and storage of personal data and the nature and purpose of their processing:
a. When visiting the website
When you access our website, the browser used on your end device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automatic deletion after a few days:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file accessed
- Website from which access is made (referrer URL)
- Website that is accessed via our website
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider
The above data will be processed by us for the following purposes:
- Ensuring a smooth connection to the website
- Ensuring comfortable use of our website
- Evaluation of system security and stability as well as for further administrative purposes
The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.
b. When ordering a newsletter
If you have expressly consented in accordance with Art. 6 (1) sentence 1 lit. a DSGVO, we will use your e-mail address to send you our newsletter on a regular basis. The provision of an e-mail address is sufficient for the receipt of the newsletter.
If you purchase goods or services on our website and enter your e-mail address, this may subsequently be used by us to send you information on similar goods or services. In such a case, only direct advertising for our own similar goods or services will be sent via the newsletter. In this case, the legal basis for sending this information as a result of the sale of goods or services is Section 7 (3) UWG in conjunction with Article 6 (1) sentence 1 lit. f DSGVO.
Unsubscribing is possible at any time, regardless of whether the sending of the newsletter is based on consent or legal permission, for example via a link at the end of each newsletter. Alternatively, you are welcome to send your unsubscribe request at any time by e-mail to firstname.lastname@example.org. This does not incur any costs other than the transmission costs according to the basic rates.
The data required for sending the newsletter will be deleted as soon as they are no longer required to achieve the purpose for which they were collected and insofar as no other legal basis for further processing applies. Your e-mail address will therefore only be stored for the purpose of sending the newsletter until you revoke your consent or object to the newsletter being sent.
c. When using our contact form and e-mail contact
If you have any questions, we offer you the possibility of contacting us via a form provided on the website. Your personal details, e-mail address, and postal address are required in order to be able to answer your inquiry quickly.
Alternatively, you can contact us via the e-mail address provided. In this case, your personal data transmitted with the e-mail will be stored.
The legal basis for the data processing for the purpose of contacting you is Art. 6 para. 1 lit. f DSGVO. If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.
The personal data collected by us will be deleted after the request you have made has been dealt with.
d. When ordering goods and services via our website (with a customer account or as a guest)
You can create a customer account as part of the registration process when placing an order. With your customer account, accessible with your e-mail address and self-selected password, you have access at all times to your previous orders and control over your personal data for the processing of orders. However, you can also order as a guest without setting up a customer account.
The legal basis for data processing is Art. 6 para. 1 lit. a DSGVO in the case of consent or Art. 6 para. 1 lit. b DSGVO if the processing is necessary to provide the requested services (ordering as a guest).
At your request, we will delete the customer account again. Until then, we store the corresponding data without a time limit so that you can access it at any time. We block the data relating to specific orders when the customer account is deleted after the order has been processed (expiry of the warranty period) and delete this data after the statutory retention periods have expired. We also block the data entered as a guest in the context of an order after the order has been processed (expiry of the warranty period) and delete it after the expiry of the statutory retention periods.
4. Passing on data
We only pass on your personal data to third parties (recipients) if we are entitled to do so in accordance with the provisions of data protection law. Below we inform you about the cases in which this may be the case. We may pass on your personal data to third parties (recipients) if:
- you have given us your consent to do so for one or more specific purposes (Art. 6 para. 1 p. 1 lit. a DSGVO)
- the processing is necessary for the performance of a contract with you, or for the implementation of pre-contractual measures, which are carried out at your request (Art. 6 para. 1 p. 1 lit. b DSGVO)
- processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 para. 1 p. 1 lit. c DSGVO)
- processing is necessary to protect our legitimate interests or those of a third party, unless those interests are overridden by your interests or fundamental rights which require the protection of your personal data (Art. 6 para. 1 p. 1 lit. f DSGVO)
Furthermore, we work with service providers, so-called order processors, to whom we transfer your personal data and who process your data on our behalf and according to our instructions within the scope of Art. 28 DSGVO. These service providers have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored. Specifically, these are the following service providers:
We pass on details of your delivery address and your e-mail address to a logistics company commissioned by us for the purpose of processing the purchase contract. In order to ensure that the goods are delivered in accordance with your wishes, we use your email address to contact you in advance of the delivery to inform you of the delivery time. Within this email, you also have the option of specifying your preferred delivery location or a drop-off location.
Information is stored in the cookie that is related to the specific end device used. However, this does not mean that we gain direct knowledge of your identity.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our website again to use our services, it is automatically recognised that you have already been to our website and which entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) sentence 1 lit. f DSGVO.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.
Further information on usage-based online advertising is also available on the consumer portal http://www.meine-cookies.org. On meine-cookies.org, you can also deactivate or activate the collection of usage data from other providers via the following link and view the status of activation with different providers: http://www.meine-cookies.org/cookies_verwalten/praeferenzmanager-beta.html
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 p. 1 lit. a DSGVO. On the one hand, we use the tracking measures to ensure a needs-based design and the ongoing optimization of our website. On the other hand, we use tracking measures in order to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision.
The respective data processing purposes and data categories can be found in the corresponding tracking tools in this section.
For the purpose of demand-oriented design and continuous optimization of our websites, we use Google Analytics, a web analysis service of Google Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland). In this context, pseudonymised usage profiles are created and cookies are used (see under point 5). The information generated by the cookie about your use of this website such as:
- Browser type/version
- Operating system used
- Referrer URL (the website visited before)
- Host name of the accessing computer (IP address)
- Time of the server request,
will be transmitted to and stored by Google on servers in the United States under the terms of the data-sharing agreement that we have entered into with Google. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services associated with the use of the website and the internet for the purposes of market research and demand-oriented design of these internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an allocation is not possible (IP masking). Sessions and campaigns are terminated after a certain period of time. By default, sessions are terminated after 30 minutes without activity, and campaigns after six months. The time limit for campaigns can be a maximum of two years.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de). Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).
7. Social Media
We use Shariff buttons from the social networks Facebook, Instagram, Pinterest, and YouTube on our website. The buttons are simple HTML links. We proceed within the framework of the Shariff solution. With the Shariff solution, a script retrieves how often, for example, the share button on a page has been clicked: For this purpose, the script contacts the social network via the programming interfaces and retrieves the numbers. Your personal data is not transmitted in this process. Instead of your IP address, only our server address is transmitted to Facebook, Google, and Twitter. You are only directly connected to Facebook, Google, or Twitter when you become active. Before that, social networks cannot collect any data about you. As long as you do not press a link to share content, you remain invisible to the networks. If you click on the link, the duty to inform about the data collection and processing no longer lies with us, but with the operator of the social network.
8. Data subjects’ rights
You have the right:
- to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
- in accordance with Art. 16 DSGVO, to request the correction of incorrect or incomplete personal data stored by us without delay
- in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims
- in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO
- pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format, or to request that it be transferred to another controller;
- to revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
- to complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
9. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to email@example.com.
10. Further notes
We would like to point out the following in accordance with Art. 13 Para. 2 lit. e DSGVO:
The provision of your personal data to us is neither legally nor contractually required nor necessary for the conclusion of a contract. You are not obliged to provide us with personal data. There will be no negative consequences for you if you do not provide us with the data.
We would like to point out the following in accordance with Art. 13 para. 2 lit. f DSGVO:
We do not process your personal data for the purposes of automated decision-making.
In accordance with Art. 13 (1) (f) DSGVO, we would like to point out that we do not intend to transfer personal data to a third country or an international organization.
11. Data security
We use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser when visiting the website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Up-to-dateness and amendment of this data protection declaration
This data protection declaration is currently valid and has the status of July 2020.